I'm pretty sure this caused the following:
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
5/9/2017 2:20:10 PM,High,An intrusion attempt by geheppauld.com was blocked.,Blocked,No Action Required,System Infected: Trojan.Snifula Activity 9,No Action Required,No Action Required,"geheppauld.com (188.8.131.52, 80)",geheppauld.com/ls5/forum.php,"ROBINSTOSHIBA (192.168.1.106, 55232)",geheppauld.com (184.108.40.206),"TCP, www-http"
Network traffic from <b>geheppauld.com/ls5/forum.php</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSWOW64\SVCHOST.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
I got to this website via the "Word Power Package" tool, which I have also reviewed (negatively). The page at everyonecanmanage.com appears to reload itself over and over. No specific damage detected, but coupled with the questionable behavior of the Word Power Package, it is all very suspicious.
I downloaded the Word Power Package. It seemed to work fine for a few days. Then, upon opening Word today, I was prompted with a dialog that said something like "Enter valid serial", with a link to "Get a valid serial". The link went to a website (http://everyonecanmanage.com) that appeared to reload the same page over and over. There is no way to close the dialog to use word. I could find no way to unstill the Word Power Package other than by removing files and editing the registry manually.