Author Topic: FileRepMetagen detected by Avast  (Read 9194 times)


REDACTED

  • Guest
FileRepMetagen detected by Avast
« on: August 07, 2015, 05:18:53 AM »
Hello, I've spent the past couple of days upgrading someone's laptop to Windows 10.

After installing Avast, I realized that the program detected a "FileRepMetagen" infection at msaudioeng.exe, located in App\Data\Local\Temp. The program blocked the threat, sent the file to quarantine and prompted me to restart the system and do a boot scan to make sure there are no infections left. I let the scan run, but the cycle repeats: as soon as the system restarts, the infection gets blocked and Avast asks me to perform a boot scan.
Additionally, I noticed that the warning doesn't trigger if my internet is down when I restart the system.
Feedback would be appreciated! I'll attach the proper logs.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: FileRepMetagen detected by Avast
« Reply #1 on: August 07, 2015, 01:47:02 PM »
As it stands, I can see no infection; I believe that this may be a false positive. Could you submit it to Avast from the virus chest?

REDACTED

  • Guest
Re: FileRepMetagen detected by Avast
« Reply #2 on: August 08, 2015, 02:42:04 PM »
I'm very confused by this; the file keeps showing up after every restart.
Thanks for the reply! I just submitted the file. The scan says that the file was detected by the taskeng.exe process too, so I'm utterly confused about whether this is a false positive or not.

Maybe my registry isn't clean?
This situation is oddly similar to this one: https://forum.avast.com/index.php?topic=169463.0 I'm tempted to run the script, but as stated, that only applies to that user.
« Last Edit: August 08, 2015, 02:45:19 PM by JFCC »

Offline essexboy

Re: FileRepMetagen detected by Avast
« Reply #3 on: August 08, 2015, 07:15:35 PM »
I can see no registry entry that triggers it to start. Let's empty the temp folder. Could you post the full path?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe.

Run FRST and press Fix.
On completion a log will be generated; please post that.

REDACTED

  • Guest
Re: FileRepMetagen detected by Avast
« Reply #4 on: August 09, 2015, 02:16:10 AM »
After countless restarts, scans and running the file, the detection still persists.
Apparently, on top of the FileRepMetagen detection, Avast also detects and blocks a Win32:Malware-gen infection every time the system starts up and there's an internet connection.
Here's the log.

Offline essexboy

Re: FileRepMetagen detected by Avast
« Reply #5 on: August 09, 2015, 12:24:19 PM »
OK, that tells me it is running as a task. What is the full path to that file?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
Task: {395509BA-93E3-4E3C-8284-DF30FBCD9982} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION
Task: {3956C0BC-97C7-4B87-B30C-875BF3834A73} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {43CBC954-57E7-477F-BB1E-4D99291B73A4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
Task: {54BFFD46-A170-4C96-9044-EE1AF4614754} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {7F9661C2-44C1-4AA1-B3C8-3BD93BABC8EB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {84C5D55E-CCC9-4697-B81A-C6C8506EC29B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
Task: {9AE2E5FF-5390-4E18-B92F-E35C2D9549C9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION
Task: {9C5294C7-86A3-45A5-ABD0-DA78B6FA9F6E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION
Task: {BA1862F8-840F-47B6-BAA8-12EFB2ED9454} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {D2014A6F-72EE-4BD7-A171-D6E2D2EC416B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd No Task File <==== ATTENTION
Task: {F796414B-1AA2-411D-A7CB-8D1D512F2420} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe.

Run FRST and press Fix.
On completion a log will be generated; please post that.

REDACTED

  • Guest
Re: FileRepMetagen detected by Avast
« Reply #6 on: August 09, 2015, 04:18:06 PM »
Here's the log; the infection remains after restarting.
According to Avast's log, the full path is [Chest] C:\Users\Francisco Cardoso\AppData\Local\Temp\msaudioeng.exe. Naturally, the file is gone after the detection since it gets sent to quarantine, so it gets created every time I restart Windows.

Here's the log.

Offline essexboy

Re: FileRepMetagen detected by Avast
« Reply #7 on: August 09, 2015, 04:50:12 PM »
OK, run FRST and in the search box type:

msaudioeng.exe

Then press the search registry button.
On completion a report.txt will be generated; please post that.

REDACTED

  • Guest
Re: FileRepMetagen detected by Avast
« Reply #8 on: August 10, 2015, 01:42:49 AM »
Search.txt was generated instead of report.txt; here's the file.
Edit:
I see some important information in the log. Is this a keylogger? As I've mentioned before, this isn't my computer, it's a family member's, and I was just upgrading it and scanning for malware. I had to access my email account here to register here, so hopefully I'm not at risk.
« Last Edit: August 10, 2015, 06:23:10 AM by JFCC »

Offline essexboy

Re: FileRepMetagen detected by Avast
« Reply #9 on: August 10, 2015, 12:29:45 PM »
No, it looks as though Edge stores its data in the registry for some reason.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
Reg: reg delete "HKEY_USERS\S-1-5-21-3814934023-2203844418-3234572544-1001\SOFTWARE\940e37e4c37c12466498af104f8c7f07" /f
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe.

Run FRST and press Fix.
On completion a log will be generated; please post that.

REDACTED

  • Guest
Re: FileRepMetagen detected by Avast
« Reply #10 on: August 10, 2015, 12:45:29 PM »
Here's the log. The program prompted me to restart after running the fix, and the infection is still there.

Offline essexboy

Re: FileRepMetagen detected by Avast
« Reply #11 on: August 10, 2015, 12:51:13 PM »
OK, I will need to have a little think about this one.

Meanwhile...

Click here and select the blue Run ESET Online Scanner button:


If using Internet Explorer:
  • Accept the Terms of Use and click Start
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • A link to esetsmartinstaller_enu.exe will be provided. Make sure to download it to the desktop
  • Double click esetsmartinstaller_enu.exe
  • Allow the Terms of Use and click Start

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked
    • Scan archives is checked
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked
    • Use custom proxy settings is unchecked
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

REDACTED

  • Guest
Re: FileRepMetagen detected by Avast
« Reply #12 on: August 11, 2015, 02:08:23 AM »
I appreciate the help so far.
ESET found something a bit more concrete, two infections I believe, so here's the log.

Offline essexboy

Re: FileRepMetagen detected by Avast
« Reply #13 on: August 11, 2015, 12:29:18 PM »
OK, that confirmed it. I have also checked my Windows 10, and the location for that file is wrong.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
C:\Windows\taskeng.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe.

Run FRST and press Fix.
On completion a log will be generated; please post that.
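The two findings this thread turned on, a taskeng.exe sitting outside its expected System32 folder (Reply #13) and a task that kept re-creating msaudioeng.exe in the user's Temp folder at every start (Reply #5), can be checked directly. The following is an added PowerShell example, not code from the thread, from essexboy or from FRST; it assumes Windows 8.1/10 with the ScheduledTasks module, and the candidate path list and Temp markers are my own choices.

```powershell
# Added example, not code from the thread or from FRST. Assumes Windows 8.1/10
# with the ScheduledTasks module; run in an elevated PowerShell session.

# 1. The genuine taskeng.exe lives in System32. A copy directly under C:\Windows
#    (what the thread found) or in a Temp folder is a look-alike, whatever its
#    name. Report each candidate with its signature status, signer and SHA-256.
$sys32 = Join-Path $env:SystemRoot 'System32'
$candidates = @(
    (Join-Path $env:SystemRoot 'taskeng.exe'),   # the bad location in this thread
    (Join-Path $sys32 'taskeng.exe'),            # the expected location
    (Join-Path $env:TEMP 'taskeng.exe')          # assumption: also worth a look
)
foreach ($path in $candidates) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $verdict = if ((Split-Path $path -Parent) -ieq $sys32) { 'expected location' } else { 'UNEXPECTED LOCATION - review' }
    '{0} | {1} | signature={2} | signer={3} | sha256={4}' -f $path, $verdict,
        $sig.Status, $sig.SignerCertificate.Subject, $hash
}

# 2. Scheduled tasks whose action runs something out of a user-writable Temp
#    folder, which is how a file in AppData\Local\Temp can come back at every
#    start-up even though the antivirus quarantines it each time.
$tempMarkers = @('\AppData\Local\Temp\', '\Windows\Temp\')
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # ComHandler actions have no Execute property; $null simply formats as ''.
        $target = '{0} {1}' -f $action.Execute, $action.Arguments
        foreach ($marker in $tempMarkers) {
            if ($target -like "*$marker*") {
                'Task {0}{1} (state {2}) -> {3}' -f $task.TaskPath, $task.TaskName,
                    $task.State, $target.Trim()
                break
            }
        }
    }
}
```

Anything reported as UNEXPECTED LOCATION or as a task executing from Temp is what a tool like FRST would then be pointed at; the hash lets you compare the file against the vendor's quarantine entry before it is removed.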

REDACTED

  • Guest
Re: FileRepMetagen detected by Avast
« Reply #14 on: August 12, 2015, 01:46:23 AM »
Here's the log, it seems like the infection is gone after this restart since I haven't seen the usual detection so far.
Any additional steps or precautions to make sure this system is clean?