When I opened Microsoft Word the first time, Avast blocked an item:
hxxp://113.171.224.166/videoplayer/MuCatalogWebControl.cab?ich_u_r_i=142a3e282dbcaff8fd10a3828395ae3c&ich_s_t_a_r_t=0&ich_e_n_d=0&ich_k_e_y=1645058930750863212401&ich_t_y_p_e=7786&ich_d_i_s_k_i_d=1&ich_u_n_i_t=1
I ran the Farbar scan tool and I found it in:
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1376529215-2312862276-3070222701-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1376529215-2312862276-3070222701-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-30] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-30] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://113.171.224.166/videoplayer/MuCatalogWebControl.cab?ich_u_r_i=142a3e282dbcaff8fd10a3828395ae3c&ich_s_t_a_r_t=0&ich_e_n_d=0&ich_k_e_y=1645058930750863212401&ich_t_y_p_e=7786&ich_d_i_s_k_i_d=1&ich_u_n_i_t=1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
I used a WHOIS tool and the IP is pretty legit. Also, googling returns that Mu Catalog Web Control is a normal thing.
Update: I downloaded Movie Maker from here: http://windows.microsoft.com/en-us/windows/movie-maker
The download tool could not download because Avast blocked this:
http://113.171.224.169/videoplayer/catalog-web.cab?ich_u_r_i=08b9c5cabe85f342337fe93ef0909621&ich_s_t_a_r_t=0&ich_e_n_d=0&ich_k_e_y=1645058931750063032400&ich_t_y_p_e=7785&ich_d_i_s_k_i_d=7&ich_u_n_i_t=1
so I’m pretty sure this is a false detection.