After someone said some kind of Norton message came up (though unfortunately they didn't see what), I have been looking through the security history in NIS 2010 and noticed a lot of odd entries from around that time. I've never seen a lot of these entries, so I am wondering what on earth is going on: whether this is stuff that has been there all along but is only showing since I updated to NIS 2010, or an actual attack?
Since I really don't know what most of these are I'll just type up the entries for simplicity:
First entry is simply: 19:32 No User's logged in.
1 minute later (19:33), 2 entries of 'Firewall rules automatically created for Spooler Subsystem App' (Spoolsv.exe in system32).
Still in 19:33 - Intrusion prevention Engine version 4.5.0.67 Definitions Set version: '
- Intrusion prevention monitoring 1558 signatures.
- Intrusion prevention enabled.
- Firewall rules automatically created for Services and Controller app. x 2 (services.exe, system32)
- Firewall automatically created for Local Security Authority process. x 2 (lsass.exe, system32)
- Connected to shared network
- Connected to protected network
19:34 - Firewall configurations updated, 3 entries, first to 108, then to 110 then to 112.
- 6 entries for 'Protecting your connection to a newly detected network on adapter Teredo Tunneling Pseudo Interface' (IP address - lots of random numbers/letters, different every time)
- Connected to protected network.
- User Logged in.
19:37 - Tracking cookie detected by virus scanner
19:38 - Unauthorized access logged (Access process data) - Actor - CONHOST.EXE in system32, target file was cltlmh.exe, in Norton Internet Security/engine.
Thank you for any help you might be able to provide.