Which computer dropped the file is totally irrelevant at this point - and you will not be able to find that out because Windows does not register it.
The same goes for finding out which account created the file: since several human beings use the same account, you can't locate the user.
Sality is an old virus, and actually it's by now an entire family so it's unsure what variant you're dealing with. Quoting from that Wikipedia article:
"Since 2010, certain variants of Sality have also incorporated the use of rootkit functions as part of an ongoing evolution of the malware family. Because of its continued development and capabilities, Sality is considered to be one of the most complex and formidable forms of malware to date."
Also:
"Sality uses stealth measures to maintain persistence on a system; thus, you may need to boot to a trusted environment in order to remove it. Sality may also make changes to your computer such as changes to the Windows Registry, which makes it difficult to download, install and/or update your virus protection. Also, since many variants of Sality attempt to propagate to available removable/remote drives and network shares, it is important to ensure the recovery process thoroughly detects and removes the malware from any and all known/possible locations."
For now, assume all computers in your network infected.
Step 1: Disconnect and shut down all computers.
Step 2: Plan how to clean it up.
Step 3: Do the cleanup
The second step is the most important, if your plan does not work correctly you'll end up with an infected network all over.
It is also a step that cannot be described here in a few sentences. I suggest you get some people together and start researching:
https://www.google.com/search?q=clean+up+infected+computer
https://www.google.com/search?q=clean+up+infected+network
The primary advice for any infected computer is a full hard disk wipe and a full reinstall of the OS and/or restore of your backups.
To emphasize: from your question it seems as if you think you can get away with cleaning up one computer. You can't.
Antivirus runs on 5040 port number i.e. It communicates to it's console via this port. If there's any way to find which computers are not using this port using power shell script or command line or using any tool that would be a great help. I've seen this type of problem in many companies. Because of laziness of the IT Dept. whole company has to bear the loss. – arjavlad – 2014-04-04T19:10:20.230