I am considering this the "solution" to my problem:
http://support.microsoft.com/default.aspx?scid=kb;en-us;196452
Article ID : 196452
Last Review : July 15, 2004
Revision : 2.1
Why Windows NT Reports 6005, 6006, 6008, and 6009 Event Log Entries
SUMMARY
Windows NT 4.0 Service Pack 4 records the system startup and shutdown times and logs them in the event log with the following Event IDs:
• Event 6005 is logged at boot time noting that the Event Log service was started. It gives the message "The Event log service was started".
• Event 6006 is logged as a clean shutdown. It gives the message "The Event log service was stopped".
• Event 6008 is logged as a dirty shutdown. It gives the message "The previous system shutdown at time on date was unexpected".
• Event 6009 is logged during every boot and indicates the operating system version, build number, service pack level, and other pertinent information about the system. Depending on your current configuration, it gives a message similar to: "Microsoft (R) Windows NT 4.0 1381 Service Pack 6 Multiprocessor free".
These event IDs are logged for informational purposes only.
APPLIES TO
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Professional Edition
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows NT Server 4.0 Standard Edition
• Microsoft Windows NT Workstation 4.0 Developer Edition
• Microsoft Windows NT Server 4.0 Terminal Server
