Bug Check 0x10D WDF_VIOLATION

[Angelika]

Blue Screen BSOD 0x0000010D
Win 7 64-bit

System failure occurs during:
1. System startup/boot (very long startup)
2. and "Sleep"

a)System Restore - does not solve the problem (even many months back)
b)Disable all non-Microsoft services
c)Uninstalling all programs does not solve the problem
d)The best solutions on the web do not solve the problems
e) Use WR not solve problem
f) Use Malwarebytes , ESET, everything not solve problem
g) SFC /SCANNOW not solve problem

WDF_VIOLATION (10d)
The Kernel-Mode Driver Framework was notified that Windows detected an error
in a framework-based driver. In general, the dump file will yield additional
information about the driver that caused this bug check.
Arguments:
Arg1: 000000000000000d, A power irp was received for the device but the irp was not
   requested by the device (the power policy owner). Possibly there
   are multiple power policy owners. Only one driver in the stack can
   be the power policy owner. A KMDF driver can change power policy
   ownership by calling the DDI WdfDeviceInitSetPowerPolicyOwnership.
Arg2: fffffa800dfca040, Device object pointer.
Arg3: fffffa801162b440, Power Irp.
Arg4: fffffa800ddae420, Reserved.


---------------------
ADDITIONAL_DEBUG_TEXT: 
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

FAULTING_MODULE: fffff8000321d000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  51c51641

BUGCHECK_STR:  0x10D_d

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff88000c23d6f to fffff8000328de00

STACK_TEXT: 
fffff880`009eea18 fffff880`00c23d6f : 00000000`0000010d 00000000`0000000d fffffa80`0dfca040 fffffa80`1162b440 : nt+0x70e00
fffff880`009eea20 00000000`0000010d : 00000000`0000000d fffffa80`0dfca040 fffffa80`1162b440 fffffa80`0ddae420 : Wdf01000+0x23d6f
fffff880`009eea28 00000000`0000000d : fffffa80`0dfca040 fffffa80`1162b440 fffffa80`0ddae420 fffffa80`1162b440 : 0x10d
fffff880`009eea30 fffffa80`0dfca040 : fffffa80`1162b440 fffffa80`0ddae420 fffffa80`1162b440 0000057f`f200ccd8 : 0xd
fffff880`009eea38 fffffa80`1162b440 : fffffa80`0ddae420 fffffa80`1162b440 0000057f`f200ccd8 fffffa80`0dfca040 : 0xfffffa80`0dfca040
fffff880`009eea40 fffffa80`0ddae420 : fffffa80`1162b440 0000057f`f200ccd8 fffffa80`0dfca040 fffffa80`0de48020 : 0xfffffa80`1162b440
fffff880`009eea48 fffffa80`1162b440 : 0000057f`f200ccd8 fffffa80`0dfca040 fffffa80`0de48020 fffff880`00c056f2 : 0xfffffa80`0ddae420
fffff880`009eea50 0000057f`f200ccd8 : fffffa80`0dfca040 fffffa80`0de48020 fffff880`00c056f2 00000000`00000002 : 0xfffffa80`1162b440
fffff880`009eea58 fffffa80`0dfca040 : fffffa80`0de48020 fffff880`00c056f2 00000000`00000002 0000057f`f200ccd8 : 0x57f`f200ccd8
fffff880`009eea60 fffffa80`0de48020 : fffff880`00c056f2 00000000`00000002 0000057f`f200ccd8 fffffa80`0dfca040 : 0xfffffa80`0dfca040
fffff880`009eea68 fffff880`00c056f2 : 00000000`00000002 0000057f`f200ccd8 fffffa80`0dfca040 fffffa80`1162b402 : 0xfffffa80`0de48020
fffff880`009eea70 00000000`00000002 : 0000057f`f200ccd8 fffffa80`0dfca040 fffffa80`1162b402 fffffa80`1162b440 : Wdf01000+0x56f2
fffff880`009eea78 0000057f`f200ccd8 : fffffa80`0dfca040 fffffa80`1162b402 fffffa80`1162b440 00000000`00000004 : 0x2
fffff880`009eea80 fffffa80`0dfca040 : fffffa80`1162b402 fffffa80`1162b440 00000000`00000004 00000000`00000000 : 0x57f`f200ccd8
fffff880`009eea88 fffffa80`1162b402 : fffffa80`1162b440 00000000`00000004 00000000`00000000 fffff800`0329585f : 0xfffffa80`0dfca040
fffff880`009eea90 fffffa80`1162b440 : 00000000`00000004 00000000`00000000 fffff800`0329585f fffffa80`12ec32d8 : 0xfffffa80`1162b402
fffff880`009eea98 00000000`00000004 : 00000000`00000000 fffff800`0329585f fffffa80`12ec32d8 fffff880`00e72ccc : 0xfffffa80`1162b440
fffff880`009eeaa0 00000000`00000000 : fffff800`0329585f fffffa80`12ec32d8 fffff880`00e72ccc 00000000`00000000 : 0x4


STACK_COMMAND:  kb

FOLLOWUP_IP:
Wdf01000+23d6f
fffff880`00c23d6f ??              ???

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  Wdf01000+23d6f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Wdf01000

IMAGE_NAME:  Wdf01000.sys

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------
fvevol.sys   fvevol.sys+2d9c   fffff880`00c00000   fffff880`00c3a000   0x0003a000   0x5100a65c   24-01-13 05:11:24                  
ntoskrnl.exe   ntoskrnl.exe+7745f   fffff800`03213000   fffff800`037f9000   0x005e6000   0x598d4845   11-08-17 08:01:41   Microsoft® Windows® Operating System   NT Kernel & System   6.1.7601.23915 (win7sp1_ldr.170913-0600)   Microsoft Corporation   C:\Windows\system32\ntoskrnl.exe   
Wdf01000.sys   Wdf01000.sys+23d6f   fffff880`00ebe000   fffff880`00f80000   0x000c2000   0x51c51641   22-06-13 05:13:05      
usbehci.sys   usbehci.sys+566f310   fffff880`059b8000   fffffaa0`059ca000   0x0000022000012000   0x57b37a2c   16-08-16 22:40:12                  
Wdf01000.sys   Wdf01000.sys+23d6f   fffff880`00ec6000   fffff880`00f88000   0x000c2000   0x51c51641   22-06-13 05:13:05                  
            

[Boggin]

We are a bit short on BSOD experts on here - can I suggest that you register and post your problem on the www.sysnative.com forum in the relevant section.

To save you from writing all that out again, you could copy & paste it into your thread on there.

[Angelika]

I am not an expert, I can be even a beginner and sometimes extremely complicated, complex problems I can solve.
Probably I know what causes the problem, but I would like to know if any expert will be able to tell you correctly which causes this problem.
Because I have now found a solution to a problem that does not even exist in the Entire Internet
Ps. Even Microsoft experts give me the wrong solution.
They even offered to Repair the System. But why?
How can solve this problem in a few seconds.

Wdf01000+23d6f

[Boggin]

So have you fixed it ?

[Angelika]

sysnative.com ???



On the page is a malicious code that phishing information.
Well, the web browser has super prevented the data from being stolen!

Code: [Select]

has detected an unusual code on this site and blocked it to protect your personal information (such as passwords, phone numbers, or credit card information).
Open the site home page.

ERR_BLOCKED_BY_XSS_AUDITOR
Many times on some sites they have stolen my data (LEAKS DATA), so be careful.

[Boggin]

I tested the link before posting and I didn't get any alerts from Norton Security, but I'll pass this onto a member on here who I believe is an active member of that forum.

I don't post on there but I know from Google searches they have some talented people which is why I referred you to it.

[Angelika]

I do not trust some sites.
They steal information.
Some information can be found on the internet! They leaked to the internet !!!
example: http://hash-killer.com/dict/2/f/b/f

My logs, password and more. Seriously!

[Boggin]

I don't understand that log but I've just been back to www.sysnative.com and Norton Identity Safe comes up as the page is safe.

In IE, Windows Smartscreen Firewall would also snag the page if it was unsafe.

Which browser are you using ?

[axe0]

Sysnative has recently moved the site to a different server platform, the migration has caused a lot of issues that have been resolved.

What browser have you used for accessing Sysnative.com?

[Boggin]

IE 11 - and I've just tried it with Firefox without any alerts popping up.

I'm still waiting for Angelika to get back with what she is using.

[Angelika]

I tried to publish a reply, but the browser SlimJet has blocked this possibility, because the malicious code detected on the page.
Modertaor removed my post. And very well. Because my problem was solved.
Also, the tool proposed to collect logs did not work properly and collected a lot of private information that I did not want to share with anyone.

[Boggin]

That's good news.

I've been in PM contact with a forum member who is also on the Sysnative forum and he has contacted their site admins who are looking into it.

As it has been resolved then there will be no need to describe the step by step that leads to this error.

Did you manage to resolve the BSOD problem yourself ?

[tom982]

Hello Angelika,

I'm one of the Sysnative Forums administrators.

has detected an unusual code on this site and blocked it to protect your personal information (such as passwords, phone numbers, or credit card information).
Open the site home page.

ERR_BLOCKED_BY_XSS_AUDITOR

What were you doing when SlimJet showed you this error?

On the page is a malicious code that phishing information.

Can you link me to any pages with this 'malicious code', or pages that are 'phishing information'?

Many times on some sites they have stolen my data (LEAKS DATA), so be careful.

Simply register with new email and a random username/password, then it doesn't matter in the slightest if you end up in any leaks (which, for the record, has never happened to us). We don't handle payments, nor do we require any personal details, so I'm not sure what there is to 'be careful' about.

If you have any other questions or concerns, please let me know.

Tom

[Boggin]

Hi Tom - thanks for coming in.

From the OP's last post it is Slimjet browser and not Chrome.

Tom.

[tom982]

Oops, so they do - I'll edit my post.

Thanks, Boggin.

[Boggin]

Oops, so they do - I'll edit my post.

Thanks, Boggin.

Andy (satrow) has already PM'd me that he's checked out the forum with Slimjet and found nothing untoward, but Angelika has already posted that the problem has been resolved so she may not be able to replicate it.

I'm assuming that relates to the browser error message and not her BSOD.

Tom.

[Angelika]

I just wanted to reply to the post with a quote, and got this information about the malicious code.

[tom982]

I just wanted to reply to the post with a quote, and got this information about the malicious code.

I don't think you understand what this error actually means.

You can read more on it here: https://www.virtuesecurity.com/blog/understanding-xss-auditor/

The response is blocked because it resembles the request which, by the very nature of a WYSIWYG editor, isn't all that surprising.

What about these pages that are 'phishing information'?