hello all …
i work on case in a windows 7 machine when i try to find the pluged USB's to that PC … i found a lot of them conncted at the same time exactly and this is impossible … so i convert my image to log timeline
the before last event before windows start update registry key's is
[105 / 0x0069] Source Name Microsoft-Windows-Diagnosis-DPS Strings ['{180B3A99-8C39-4F12-B631-2031998EFE45}' '{34A44436-A960-49FF-B6AD-724E6983349C}' '{00000000-0000-0000-0000-000000000000}' '%windir%\system32\radardt.dll' '{45DE1EA9-10BC-4F96-9B21-4B6B83DBF476}'] Computer Name XXXXXXXX Record Number 103782 Event Level 4
when i search about Microsoft-Windows-Diagnosis-DPS i found this
Description Diagnostic module %5 (%4) started troubleshooting scenario %1, instance %2, original activity ID %3.
Cause
This event is logged when diagnostic module started troubleshooting scenario.
Resolution
This is a normal condition. No further action is required.
source http//
and then it follows by this event before modifying registry keys ..
[21024 / 0x5220] Source Name OpsMgr Connector Strings ['PMOSCOM' 'bb3e246a60ea42e78ed5604a41dde836 926e39ad130e4459b5ff88bf961a27fa00001A66'] Computer Name XXXXXX Record Number 163705 Event Level 4
when i read about event id 21024 i found this info
Event Type Information
Event Source OpsMgr Connector
Event Category None
Event ID 21024Description
OpsMgr's configuration may be out-of-date for management group RON, and has
requested updated configuration from the Configuration Service. The
current(out-of-date) state cookie is "4E DC AB E6 FC F2 95 CE CF 02 D3 DE 6D
1E F7 3B 20 7D 22 F5 "
source https://
check the screenshot
so can anyone explain what happens there !!