in reply to Re: Re: Re: Need Advice: Date difference revisted
in thread Need Advice: Date difference revisted
You could try searching the file %SystemRoot%\system32\config\SysEvent.Evt for the last 6005 record. It contains:

Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6005
Date: 17/01/2004
Time: 09:36:52
User: N/A
Computer: YOURSERVER
Description: The Event log service was started.

Under most normal circumstances, that would tell you exactly when the machine was last booted.
Decoding the event logs without using the APIs (which, as far as I know, you can only reasonably get at with Perl 5.something) is a PITA as they are variable-length records, but using a hex editor, searching for x'75 17' will get you close to the record, and then comparing that with the Eventvwr display for the same record, it shouldn't be too hard to work out the date/time format. It's probably one of the documented MS time formats. A little unpacking of likely targets would get you what you need.
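
The unpacking described in the post above, as an added example that is not part of the original reply. It assumes the legacy EVENTLOGRECORD layout (56-byte little-endian header, "LfLe" signature, TimeGenerated in seconds since 1970 UTC); `last_boot_from_evt` and `make_record` are hypothetical helper names, and the sample records are constructed.

```perl
use strict;
use warnings;
use POSIX qw(strftime);
use Time::Local qw(timegm);

# Return TimeGenerated (epoch seconds, UTC) of the newest 6005 record, or undef.
sub last_boot_from_evt {
    my ($buf) = @_;
    my ($pos, $last) = (0, undef);
    # Anchor on the "LfLe" signature; the bare bytes 75 17 can also
    # turn up inside strings or binary data.
    while (($pos = index($buf, 'LfLe', $pos)) >= 0) {
        my $start = $pos - 4;            # Length field precedes the signature
        $pos += 4;
        next if $start < 0 || $start + 56 > length $buf;
        my ($len, $sig, $recno, $generated, $written, $event_id) =
            unpack 'V a4 V4', substr($buf, $start, 24);
        # Reject false hits (and the 48-byte file header): the record must
        # fit in the buffer and repeat its length in its final four bytes.
        next if $len < 56 || $start + $len > length $buf;
        next if unpack('V', substr($buf, $start + $len - 4, 4)) != $len;
        # The low 16 bits are the event code; the high bits are flags.
        next unless ($event_id & 0xFFFF) == 6005;
        # Compare by time, not position: a wrapped log is not stored in order.
        $last = $generated if !defined $last || $generated > $last;
    }
    return $last;
}

# Constructed sample record (not real log data): header, source and computer
# names as NUL-terminated UTF-16LE, padding to 4 bytes, trailing length.
sub make_record {
    my ($recno, $time, $event_id) = @_;
    my $body = join '', map { pack 'v*', unpack('C*', $_), 0 } 'EventLog', 'YOURSERVER';
    $body .= "\0" x (-length($body) % 4);
    my ($off, $len) = (56 + length $body, 56 + length($body) + 4);
    return pack('V a4 V4 v4 V6', $len, 'LfLe', $recno, $time, $time, $event_id,
                4, 0, 0, 0, 0, $off, 0, $off, 0, $off) . $body . pack('V', $len);
}

my $boot = timegm(52, 36, 9, 17, 0, 2004);   # constructed: the post's date read as UTC
my $evt  = make_record(1, $boot - 3600, 6009)
         . make_record(2, $boot, 0x80001775)  # constructed ID with high bits set
         . make_record(3, $boot + 60, 7036);
my $t = last_boot_from_evt($evt);
print defined $t ? strftime("last 6005: %Y-%m-%d %H:%M:%S UTC\n", gmtime($t))
                 : "no 6005 record found\n";
```

To run it against a copy of a real log, read the file in binary mode into a scalar and pass that to `last_boot_from_evt`; a record that wraps around the end of a circular log is skipped by the length check.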