Log Name:      System
Source:        Service Control Manager
Date:          20/08/2014 08:41:07
Event ID:      7036
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      as-PC_win7H_vm
Description:
The Tweaking Run As System 6349 service entered the stopped state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="16384">7036</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2014-08-20T07:41:07.429006600Z" />
    <EventRecordID>43531</EventRecordID>
    <Correlation />
    <Execution ProcessID="724" ThreadID="10064" />
    <Channel>System</Channel>
    <Computer>as-PC_win7H_vm</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Tweaking Run As System 6349</Data>
    <Data Name="param2">stopped</Data>
    <Binary>54007700650061006B0069006E006700520075006E0041007300530079007300740065006D0036003300340039002F0031000000</Binary>
  </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          20/08/2014 08:41:07
Event ID:      7036
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      as-PC_win7H_vm
Description:
The Tweaking Run As System 6349 service entered the running state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="16384">7036</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2014-08-20T07:41:07.278790600Z" />
    <EventRecordID>43530</EventRecordID>
    <Correlation />
    <Execution ProcessID="724" ThreadID="10064" />
    <Channel>System</Channel>
    <Computer>as-PC_win7H_vm</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Tweaking Run As System 6349</Data>
    <Data Name="param2">running</Data>
    <Binary>54007700650061006B0069006E006700520075006E0041007300530079007300740065006D0036003300340039002F0034000000</Binary>
  </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          20/08/2014 08:41:07
Event ID:      7045
Task Category: None
Level:         Information
Keywords:      Classic
User:          as-PC_win7H_vm\as
Computer:      as-PC_win7H_vm
Description:
A service was installed in the system.

Service Name:  Tweaking Run As System 6349
Service File Name:  "C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\tweaking_ras.exe" 6349[]||cmd.exe||[]/c start /HIGH cmd.exe /c ||C:\Windows\Temp\temp818.bat|| & exit
Service Type:  user mode service
Service Start Type:  demand start
Service Account:  LocalSystem
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="16384">7045</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2014-08-20T07:41:07.108545800Z" />
    <EventRecordID>43529</EventRecordID>
    <Correlation />
    <Execution ProcessID="724" ThreadID="4976" />
    <Channel>System</Channel>
    <Computer>as-PC_win7H_vm</Computer>
    <Security UserID="S-1-5-21-2888749424-1926031989-2962068069-1001" />
  </System>
  <EventData>
    <Data Name="ServiceName">Tweaking Run As System 6349</Data>
    <Data Name="ImagePath">"C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\tweaking_ras.exe" 6349[]||cmd.exe||[]/c start /HIGH cmd.exe /c ||C:\Windows\Temp\temp818.bat|| &amp; exit</Data>
    <Data Name="ServiceType">user mode service</Data>
    <Data Name="StartType">demand start</Data>
    <Data Name="AccountName">LocalSystem</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          20/08/2014 08:40:48
Event ID:      7032
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      as-PC_win7H_vm
Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 
An instance of the service is already running.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7032</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2014-08-20T07:40:48.121243400Z" />
    <EventRecordID>43528</EventRecordID>
    <Correlation />
    <Execution ProcessID="724" ThreadID="10064" />
    <Channel>System</Channel>
    <Computer>as-PC_win7H_vm</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">1</Data>
    <Data Name="param2">Restart the service</Data>
    <Data Name="param3">Windows Modules Installer</Data>
    <Data Name="param4">%%1056</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Service Control Manager
Date:          20/08/2014 08:40:38
Event ID:      7036
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      as-PC_win7H_vm
Description:
The Software Protection service entered the running state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="16384">7036</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2014-08-20T07:40:38.607563400Z" />
    <EventRecordID>43527</EventRecordID>
    <Correlation />
    <Execution ProcessID="724" ThreadID="10064" />
    <Channel>System</Channel>
    <Computer>as-PC_win7H_vm</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Software Protection</Data>
    <Data Name="param2">running</Data>
    <Binary>7300700070007300760063002F0034000000</Binary>
  </EventData>
</Event>