Problem with win32.trojan-gen

[rodeni]

I have a problem with a virus win32.trojan-gen
When I start my computer or when i go on the Internet Avast alersts me of a virus.
I delete it every time but no success. It is always rec[1].exe or a tri digit number example (003.exe, 123.exe and so one). Also it is always in my temporary files.
Please help.

Here is my log files so you can see.

18.10.2009 18:18:39   Admin   1852   Sign of "Win32:Trojan-gen" has been found in "C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF4ZA62W\rec[1].exe" file. 
18.10.2009 18:18:42   Admin   1852   Sign of "Win32:Trojan-gen" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\105.exe" file. 
18.10.2009 18:18:51   Admin   1852   Sign of "Win32:Trojan-gen" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\105.exe" file. 
18.10.2009 19:02:55   Admin   1852   Sign of "Win32:Trojan-gen" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\968.exe" file. 
18.10.2009 19:11:03   Admin   1852   Sign of "Win32:Trojan-gen" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\698.exe" file. 
18.10.2009 19:19:14   Admin   1852   Sign of "Win32:Trojan-gen" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\929.exe" file. 
18.10.2009 19:27:13   Admin   1852   Sign of "Win32:Trojan-gen" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\764.exe" file. 
18.10.2009 19:35:25   Admin   1520   Sign of "Win32:Trojan-gen" has been found in "C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF4ZA62W\rec[1].exe" file. 
18.10.2009 21:18:31   Admin   1852   Sign of "Win32:Trojan-gen" has been found in "C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\236EAFN2\rec[1].exe" file. 
18.10.2009 21:18:49   Admin   1852   Sign of "Win32:Trojan-gen" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\664.exe" file. 
19.10.2009 7:52:15   SYSTEM   1620   Sign of "Win32:Trojan-gen" has been found in "C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\55RECVD4\rec[1].exe" file. 
19.10.2009 7:53:13   SYSTEM   1620   Sign of "Win32:Trojan-gen" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\364.exe" file. 
19.10.2009 12:00:33   SYSTEM   1620   Sign of "Win32:Trojan-gen" has been found in "C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\8QY68L28\rec[1].exe" file. 
19.10.2009 12:00:45   SYSTEM   1620   Sign of "Win32:Trojan-gen" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\208.exe" file. 

[Pondus]

Have you tried cleaning you temp file folder?
http://www.google.no/search?hl=no&source=hp&q=how+to+clean+temp+file&meta=&aq=f&oq=

Or you can use CCleaner. go to settings-advanced and remove the tic on "only remove files older then 24 hours"
http://filehippo.com/download_ccleaner/

[FreewheelinFrank]

Try the usual free adware/spyware scanners.

SUPERAntiSpyware Free
Malwarebytes' Anti-Malware

[rodeni]

i tried with ccleaner and malwarebyte and it still is here. Im going to try with superantispyware now. But i have a theory that I do delete this files form my computer but when ever I try to go to the internet it downloads it self so it could actually be a kind of a tracker virus. I you have any ideas i would appreciate.

P.S. it also interupted my windows startup by sending a error message that doesnt say anything

[Pondus]

I recommend Malwarebytes Forum, they are specialist at this and are working with maleware removal 24/7
http://www.malwarebytes.org/forums/index.php?

[rodeni]

I solved it with SuperAntiSpyware. He found it in a second and removed it totaly. It was in Preftch. Thank you all for help. Hope not to here with you soon. Well you know what i mean. 

[DavidR]

Did it have a .pf file type as the files in the prefetch folder aren't copies of the original file, but just point to the location of the file on the HDD to speed up loading.

So the files in the prefetch folder are in effect inert and the original file would have to have been clicked/run. Unless the malware is dropping files into the prefetch folder they would still have to be run, registry entry or other file giving command to run it.

Without a copy of the SAS log file I fear that you might not have completely cleaned it.