ATTN: Roger Abell [MVP] Re: Microsoft Security Bulletin MS03-017 - 817787
LostOne
December 5th 03, 08:12 PM
Perhaps I posted this response incorrectly the first time, or it was
not noticed. So I will repeat it in hopes of getting further
assistance.
Thanks for taking the time to respond. But, I am still in a quandary.
Please see the two comments interleaved below.
On Wed, 7 May 2003 18:33:41 -0700, "Roger Abell [MVP]" wrote:
>"LostOne" wrote in message ...
>> On Wed, 7 May 2003 10:52:57 -0700, "Jerry Bryant [MSFT]" wrote:
>>
>> >Title: Flaw in Windows Media Player Skins Downloading could allow Code
>> >Execution (817787)
>> >Date: May 7, 2003
>> >Software: Microsoft Windows Media Player 7.1; Microsoft Windows Media Player
>> >for Windows XP (Version 8.0)
>> >Impact: Arbitrary code execution
>> >Maximum Severity Rating: Critical
>> >Bulletin: MS03-017
>> >
>> >The Microsoft Security Response Center has released Microsoft Security
>> >Bulletin MS03-017
>> >
>> >What Is It?
>> >The Microsoft Security Response Center has released Microsoft Security
>> >Bulletin MS03-017 which concerns a vulnerability in Microsoft Windows Media
>> >Player versions 7.1 and 8.0. Customers are advised to review the
>> >information in the bulletin, test and deploy the patch immediately in their
>> >environments, if applicable.
>> >
>> >More information is now available at
>> >http://www.microsoft.com/technet/security/bulletin/MS03-017.asp
>> >
>> >If you have any questions regarding the patch or its implementation after
>> >reading the above listed bulletin you should contact Product Support
>> >Services in the United States at 1-866-PCSafety (1-866-727-2338).
>> >International customers should contact their local subsidiary.
>>
>>
>> Is it conceivable that this problem could have migrated to Version 9?
>>
>
>No. See the bulletin
>http://microsoft.com/technet/security/bulletin/MS03-017.asp
>which states directly
>Windows Media Player 9 Series is not affected by this issue
>
>
But what if I had just received/loaded/downloaded the malicious file
while I was still using v8, immediately before upgrading to WMP9?
Wouldn't the malicious code still be somewhere on my computer?
>> I have been having continual Blue Screen serious errors ever since I
>> downloaded the installer for the upgrade. This happened at the same
>> time that this problem apparently was detected, around the first of
>> this month. Co-incidentally, I had also for the very first time
>> downloaded a skin from a non Microsoft Site, which I did not like, and
>> thought I had deleted.
>>
>> This blue screen is now occurring every time I boot my computer. After
>> then re-booting, the computer seems to be operating properly.
>>
>> But I find this situation very troubling. I have searched the
>> Knowledge base with no results so far. I am at a loss. I have searched
>> for the error category (102), and also the other string which appears
>> in the event viewer (Error code 0000000a, parameter1 000000b0,
>> parameter2 00000002, parameter3 00000000, parameter4 804d71af.) The
>> search always gives no results.
>>
>
>0xA stop is due to an attempt to access memory while in the
>wrong execution state. This can happen from a program that
>corrupts its pointers, has overflowed a buffer, etc.
>Here, memory owned by the kernel is having an access attempt
>made on it by something that is not in kernel mode.
>If you have a blue screen traceback when this happens, the
>instruction causing the error is at address in parameter 4, so
>you can use the loaded modules list in the blue screen to find
>what contains that address and that is your culprit.
>Given the address that is being accessed (unsuccessfully) is
>very low (parameter 1) you likely have something trying to
>use corrupt location info.
>
Please do not take offense, or think I am being a smartass. I
absolutely respect your technical expertise. But...
I really cannot understand most of what you just said, and what I do
understand has not led me to a solution.
By "blue screen traceback" do you mean the response from Microsoft to
the error report? That is very generic, and not in any way helpful. It
just says it is likely a driver problem, but they are unable to
determine anything more specific. I have opted to track it, but that
does not seem to accomplish anything.
I am in no way a technical person. Is it possible in simple terms to
tell me what to do? It sounds like you are telling me to do something
with the information in parameter 4. But I have no Idea what that
would be.
I probably sound like a jerk, but I am truly lost.
Any further comments are appreciated. And please forgive my technical
ineptitude.
Thank You.
LostOne (Still..)
>
>> I have done a couple of Restores to earlier times, but the blue screen
>> is still occurring.
>>
>> (The manufacturer of my computer, a MAJOR brand which shall remain
>> nameless, has the same answer to every problem: Reinstall the OS and
>> all Drivers. No matter what the problem, that is their response. Seems
>> to me to be like amputation at the hip for a hangnail on the big toe.)
>>
>> If anyone out there has some input on this, I would greatly appreciate
>> it.
>>
>> Thank You
>> LostOne
LostOne
December 5th 03, 08:13 PM
Hi Gerry,
Again I say thank you for taking the time, I'm sure your
interpretation of the remarks is correct. But, again at the risk of
sounding like a total jerk, or a whiner, what do I actually do about
this?
Where can I find an actual solution?
Isn't that the purpose of these groups, to provide support?
Where is the solution? How do I actually fix this? Is there an answer?
Please, I really don't want to offend anyone. I simply really need
specific, instructional help.
Please.
LostOne
On Thu, 08 May 2003 23:27:12 +0100, Gerry Hickman wrote:
>Hi LostOne,
>
>> But what if I had just received/loaded/downloaded the malicious file
>> while I was still using v8, immediately before upgrading to WMP9?
>> Wouldn't the malicious code still be somewhere on my computer?
>
>Quite possible, but whether it's (in any way) related to getting blue
>screens is another matter...
>
>> Please do not take offense, or think I am being a smartass. I
>> absolutely respect your technical expertise. But...
>>
>> I really cannot understand most of what you just said, and what I do
>> understand has not led me to a solution.
>
>He's explaining what causes blue screens, and appears to understand it
>better than most PSS staff!
>
>> By "blue screen traceback" do you mean the response from Microsoft to
>> the error report?
>
>No, I think he means dumping the memory to disk, and loading it up in a
>debugger and then looking at the assembly code! Lots of fun, but perhaps
>not practical in your own situation:)
>
>> That is very generic, and not in any way helpful. It
>> just says it is likely a driver problem,
>
>I agree with you here. Some of these KB articles are very silly; it's
>not that what they say is incorrect, but they are designed to be as
>unhelpful as possible in cases where the "solution" is simply too
>horrible and complicated to contemplate.
>
>It's still worth writing down all the numbers and text, and doing a KB
>search though or posting on the "hardware" newsgroup for your O/S. Check
>your event logs too for any other errors - they may be related.
>
>It's quite rare for "malicious code" to cause blue screens, as the
>people who write the code are far too good at their job to allow that to
>happen - they tend to have a solid understanding of the kernel level.
Bill in CO
December 5th 03, 08:13 PM
LostOne wrote:
> Hi Gerry,
>
> Again I say thank you for taking the time, I'm sure your
> interpretation of the remarks is correct. But, again at the risk of
> sounding like a total jerk, or a whiner, what do I actually do about
> this?
>
> Where can I find an actual solution?
>
> Isn't that the purpose of these groups, to provide support?
General support, only as people have time to volunteer for. Not *necessarily*
detailed, step by step procedures for a specific case, due to time constraints.
> Where is the solution? How do I actually fix this? Is there an answer?
Call Tech Support for your specific product(s).
> Please, I really don't want to offend anyone. I simply really need
> specific, instructional help.
>
> Please.
> LostOne
Roger Abell [MVP]
December 5th 03, 08:13 PM
Hi LostOne, and thanks Gerry for the interpretations.
By the blue screen traceback what I meant is the screen
that will be displayed when this happens if your computer
is configured to not automatically go into a reboot.
When you have it set up that way, there is a bunch of stuff
that is difficult for someone that has not studied computer
science to use, one part of it is the traceback and another
is a list of what is loaded at the time. The traceback says
what had called what and was waiting for a return when
the last thing called failed. The list of loaded modules will
tell one the starting address of each in memory. This is
what I was saying one could use the parameter 4 with,
since the address in this parameter will fall within one of
the modules and that is what failed.
If you were to have the blue screen, sometimes the driver
responsible is named, if it is a driver, and from that name
xxxx.sys you can often tell what is the installed software or
device driver that is the problem.
Setting a machine to not automatically reboot is done in
the (r-click) properties of My Computer, on the Advanced
tab, within the Settings (button) of the Startup and Recovery
panel, which leads to a checkbox "Automatically restart"
that should be cleared in the System failure panel.
With only the info that something has thrown an IRQ
fault does not lead one very far toward a cure. One
needs to discover what did it. There are a couple of
named situations in the knowledge base, which means
that MS must have seen quite a few reports of these,
but only you can tell if they are relevant to your machine
video http://support.microsoft.com/?id=329293
audio http://support.microsoft.com/?id=329832
ipx networking http://support.microsoft.com/?id=818326
Easy CD version less than 5.1 http://support.microsoft.com/?id=310628
and another for problems undocking Toshibas.
As to whether something malicious that exploited the
vulnerability in WMP when you were at a different
version, that is rather hypothetical as it totally depends
on what that malicious code was. For example, code
that grabbed and sent out some piece of info about you
and exited would not have any persisting impacts, while
code that installed a trojan certainly could.
--
Roger
"LostOne" wrote in message ...
> Hi Gerry,
>
> Again I say thank you for taking the time, I'm sure your
> interpretation of the remarks is correct. But, again at the risk of
> sounding like a total jerk, or a whiner, what do I actually do about
> this?
>
> Where can I find an actual solution?
>
> Isn't that the purpose of these groups, to provide support?
>
> Where is the solution? How do I actually fix this? Is there an answer?
>
> Please, I really don't want to offend anyone. I simply really need
> specific, instructional help.
>
> Please.
> LostOne
>
> On Thu, 08 May 2003 23:27:12 +0100, Gerry Hickman wrote:
>
> >Hi LostOne,
> >
> >> But what if I had just received/loaded/downloaded the malicious file
> >> while I was still using v8, immediately before upgrading to WMP9?
> >> Wouldn't the malicious code still be somewhere on my computer?
> >
> >Quite possible, but whether it's (in any way) related to getting blue
> >screens is another matter...
> >
> >> Please do not take offense, or think I am being a smartass. I
> >> absolutely respect your technical expertise. But...
> >>
> >> I really cannot understand most of what you just said, and what I do
> >> understand has not led me to a solution.
> >
> >He's explaining what causes blue screens, and appears to understand it
> >better than most PSS staff!
> >
> >> By "blue screen traceback" do you mean the response from Microsoft to
> >> the error report?
> >
> >No, I think he means dumping the memory to disk, and loading it up in a
> >debugger and then looking at the assembly code! Lots of fun, but perhaps
> >not practical in your own situation:)
> >
> >> That is very generic, and not in any way helpful. It
> >> just says it is likely a driver problem,
> >
> >I agree with you here. Some of these KB articles are very silly; it's
> >not that what they say is incorrect, but they are designed to be as
> >unhelpful as possible in cases where the "solution" is simply too
> >horrible and complicated to contemplate.
> >
> >It's still worth writing down all the numbers and text, and doing a KB
> >search though or posting on the "hardware" newsgroup for your O/S. Check
> >your event logs too for any other errors - they may be related.
> >
> >It's quite rare for "malicious code" to cause blue screens, as the
> >people who write the code are far too good at their job to allow that to
> >happen - they tend to have a solid understanding of the kernel level.
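[Added example, not part of the original thread and not written by any poster: the lookup described in the post above, taking the Event 1003 string quoted in this thread and finding which loaded module contains the parameter 4 address. The module names, base addresses and sizes are constructed sample values, not data from LostOne's machine, and the function names are hypothetical.]

```python
import re
from bisect import bisect_right

# The Event 1003 text quoted in the thread, line-wrapped as it was posted.
SAMPLE_EVENT = """Error code 0000000a, parameter1
000000b0, parameter2 00000002, parameter3 00000000, parameter4
804d71af."""

# CONSTRUCTED loaded-module list: (base address, size in bytes, name).
# Illustrative values only; they were not taken from the poster's machine,
# so the module this sample resolves to is not a diagnosis of that machine.
SAMPLE_MODULES = [
    (0xF7A00000, 0x00018000, "example.sys"),   # hypothetical driver
    (0x804D7000, 0x001F6000, "ntoskrnl.exe"),
    (0x806CD000, 0x00020000, "hal.dll"),
]


def parse_stop_record(text):
    """Return (stop_code, [p1, p2, p3, p4]) from an Event 1003 style string."""
    flat = " ".join(text.split())  # undo the line wrapping
    code = re.search(r"Error code\s+([0-9a-fA-F]{1,8})\b", flat)
    params = re.findall(r"parameter([1-4])\s+([0-9a-fA-F]{1,8})\b", flat)
    if code is None or [n for n, _ in params] != ["1", "2", "3", "4"]:
        raise ValueError("not a complete stop record: %r" % flat)
    return int(code.group(1), 16), [int(v, 16) for _, v in params]


def resolve_module(address, modules):
    """Return (name, offset) of the module whose range holds address, else None."""
    ordered = sorted(modules)                    # sort by base address
    bases = [base for base, _, _ in ordered]
    i = bisect_right(bases, address) - 1         # last module starting <= address
    if i < 0:
        return None                              # below the lowest module
    base, size, name = ordered[i]
    if address - base >= size:
        return None                              # falls in a gap between modules
    return name, address - base


def triage_stop_0a(text, modules):
    """Interpret a stop 0xA (IRQL_NOT_LESS_OR_EQUAL) record.

    For this stop code: parameter 1 is the memory address referenced,
    parameter 2 the IRQL at the time, parameter 3 the access type
    (0 = read, 1 = write) and parameter 4 the address of the instruction
    that made the reference.
    """
    code, (referenced, irql, access, instruction) = parse_stop_record(text)
    if code != 0x0A:
        raise ValueError("these parameter meanings apply to stop 0xA only")
    hit = resolve_module(instruction, modules)
    return {
        "referenced_address": referenced,
        "irql": irql,
        "access": "write" if access & 1 else "read",
        "instruction_address": instruction,
        "module": hit[0] if hit else None,
        "module_offset": hit[1] if hit else None,
        # A very low referenced address usually means a null or corrupt
        # pointer plus a small field offset, as the post says of parameter 1.
        "near_null": referenced < 0x10000,
    }


if __name__ == "__main__":
    report = triage_stop_0a(SAMPLE_EVENT, SAMPLE_MODULES)
    for key, value in report.items():
        shown = hex(value) if isinstance(value, int) and not isinstance(value, bool) else value
        print("%-20s %s" % (key, shown))
```
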
LostOne
December 5th 03, 08:13 PM
Hi Roger,
I appreciate your response more than I can say. And the extra time it
took to make this more understandable to me. Hopefully, you can have
some more patience with me after reading my follow up below and help
me begin to get a grasp of this and do something about it.
On Thu, 8 May 2003 23:59:09 -0700, "Roger Abell [MVP]" wrote:
>Hi LostOne, and thanks Gerry for the interpretations.
>
>By the blue screen traceback what I meant is the screen
>that will be displayed when this happens if your computer
>is configured to not automatically go into a reboot.
>
My computer does not automatically re-boot. It is set the way you
suggest below. So apparently I have traceback? I just can't understand
or interpret it.
When I have these blue screens, the only way I can get out is to power
down, then power up again. (Is there any way to either print, or
save the contents of the blue screen?)
>When you have it set up that way, there is a bunch of stuff
>that is difficult for someone that has not studied computer
>science to use, one part of it is the traceback and another
>is a list of what is loaded at the time. The traceback says
>what had called what and was waiting for a return when
>the last thing called failed. The list of loaded modules will
>tell one the starting address of each in memory. This is
>what I was saying one could use the parameter 4 with,
>since the address in this parameter will fall within one of
>the modules and that is what failed.
>
>If you were to have the blue screen, sometimes the driver
>responsible is named, if it is a driver, and from that name
>xxxx.sys you can often tell what is the installed software or
>device driver that is the problem.
>
I cannot say with certainty, (without causing another blue screen by
rebooting), but I am pretty sure no driver is specifically named. I am
always asked, after the re-boot to send the report to MS, and I
usually do, and ask to track it.
The response I get is always the same, essentially saying that it is
probably a driver but the exact cause cannot be determined.
I have had blue screens before, and not been terribly concerned,
because they were very random, were usually preceded by a specific
program having a problem and having to be closed down, and did not
recur with any frequency. And as I now look at the history of these
in the event viewer, they each mentioned different parameters, and are
not System errors. In other words they were unique and individual to
that specific event.
But these are happening during the boot, either cold or warm boot, and
every time I boot. And the record in event viewer is identical each
time. They are System errors, Category (201), and Event 1003. With a
bright red icon!
The string in event viewer is: Error code 0000000a, parameter1
000000b0, parameter2 00000002, parameter3 00000000, parameter4
804d71af.
Hopefully that information will be of use? None of the other items in
my event viewer has a category number, or that red icon. Makes me very
nervous.
It seems even more odd to me that there is this system error during a
boot, but then the next boot does not generate it, and is successful.
I have not booted in two days. I would rather leave it on and idle,
until I can figure out how to fix this.
>Setting a machine to not automatically reboot is done in
>the (r-click) properties of My Computer, on the Advanced
>tab, within the Settings (button) of the Startup and Recovery
>panel, which leads to a checkbox "Automatically restart"
>that should be cleared in the System failure panel.
>
>With only the info that something has thrown an IRQ
>fault does not lead one very far toward a cure. One
>needs to discover what did it. There are a couple of
>named situations in the knowledge base, which means
>that MS must have seen quite a few reports of these,
I'm sure they have. At least half a dozen reports from me in the last
10 days or so!
>but only you can tell if they are relevant to your machine
>video http://support.microsoft.com/?id=329293
>audio http://support.microsoft.com/?id=329832
>ipx networking http://support.microsoft.com/?id=818326
>Easy CD version less than 5.1 http://support.microsoft.com/?id=310628
>and another for problems undocking Toshibas.
>
None of these relate to my computer.
>
>As to whether something malicious that exploited the
>vulnerability in WMP when you were at a different
>version, that is rather hypothetical as it totally depends
>on what that malicious code was. For example, code
>that grabbed and sent out some piece of info about you
>and exited would not have any persisting impacts, while
>code that installed a trojan certainly could.
I only theorized about this, because my difficulties occurred
precisely when I had both downloaded a skin, from a non MS site, then
decided to upgrade WMP to v.9. Right after I did this, had two blue
screens in a row during processing, and then the screen on boot began.
Looking for help I was directed to the NGs by MS, immediately saw your
notice concerning the Security Bulletin. Seemed way too coincidental.
Is it not possible that in the time between I downloaded that skin,
and then did the upgrade, that some script or something had already
been executed on my computer.
(I probably sound like a paranoid idiot here, but I have only my own
sense of logic to use. I really am technically illiterate and inept.)
But it does seem to me that although the patch you linked to fixes the
vulnerability, if some invasion or other malicious thing has already
occurred it would not be affected by the patch or the upgrade. Does
that make sense? If so, what can one do about it?
As far as the possibility of a trojan goes, all I can say is I am
religious about keeping my virus definitions up to date, and that is
supposedly also including trojans.
I really appreciate the time you have given me, and hope you will find
the time to respond to me again.
Thank You
LostOne