Did it have a .pf file type? The files in the prefetch folder aren't copies of the original file, but just point to the location of the file on the HDD to speed up loading.
So the files in the prefetch folder are in effect inert, and the original file would have to have been clicked/run. Unless the malware is dropping files into the prefetch folder, they would still have to be run, with a registry entry or other file giving the command to run it.
Without a copy of the SAS log file I fear that you might not have completely cleaned it.
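
A check for the "dropping files into the prefetch folder" case raised in the post above, as an added example that is not part of the original post: it reads the first 8 bytes of every file in a folder and separates real prefetch traces (`SCCA` signature at offset 4, or the `MAM` header of Windows 10+ compressed traces) from executables (`MZ` header) and from `.pf` files with no prefetch header. The function names and all sample file names and contents are constructed for illustration.

```python
import os
import re
import tempfile

# Prefetch traces are named EXECUTABLE-XXXXXXXX.pf (8 hex digit path hash).
PF_NAME = re.compile(r"^.+-[0-9A-F]{8}\.pf$", re.IGNORECASE)

def classify(name, head):
    """Classify one file from its name and its first 8 bytes."""
    if head[:2] == b"MZ":
        return "executable"               # PE image, whatever its extension
    if name.lower().endswith(".pf"):
        if PF_NAME.match(name) and head[4:8] == b"SCCA":
            return "prefetch"             # uncompressed trace
        if PF_NAME.match(name) and head[:3] == b"MAM":
            return "prefetch-compressed"  # Windows 10+ compressed trace
        return "bad-pf"                   # .pf name without a prefetch header
    return "other"                        # not a trace, not a PE: review by hand

def scan(folder):
    """Return {file name: verdict} for every regular file in folder."""
    results = {}
    for entry in sorted(os.scandir(folder), key=lambda e: e.name):
        if entry.is_file():
            with open(entry.path, "rb") as fh:
                results[entry.name] = classify(entry.name, fh.read(8))
    return results

def demo():
    """Run scan() over a temporary folder of constructed sample files."""
    samples = {
        "NOTEPAD.EXE-1A2B3C4D.pf": b"\x17\x00\x00\x00SCCA" + b"\x00" * 8,
        "CALC.EXE-0F0F0F0F.pf": b"MAM\x04" + b"\x00" * 12,
        "UPDATE.EXE-DEADBEEF.pf": b"MZ\x90\x00" + b"\x00" * 12,  # PE renamed .pf
        "svch0st.exe": b"MZ\x90\x00" + b"\x00" * 12,
        "NOTES.pf": b"just some text",
        "Layout.ini": b"[OptimalLayoutFile]\r\n",
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, data in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        return scan(folder)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:20} {name}")
```

On a live system, call `scan(r"C:\Windows\Prefetch")` from an elevated prompt; anything reported as `executable` or `bad-pf` is worth a closer look.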