You have a lot of ORs there, so effectively any ONE of those things will trigger your rule to fire. Are your other events getting generated from services being stopped on your Avantis server (ServiceStop.DetectionIP=*avantis*)?
Should those inside OR groups actually be AND?