59549: Acronis True Image: BSOD due to snapman.sys

Introduction

This article explains how to resolve a problem, when Windows does not boot and snapman.sys is mentioned on the blue screen (BSOD), after an attempt to uninstall or force remove Acronis software.

Symptom

BSOD during computer bootup related to snapman.sys after removal of Acronis software. Windows does not boot in normal or safe mode.

If there was no attempt to remove/uninstall Acronis software before the issue occurred, following instructions in this article will fix the problem with booting Windows, but Acronis software would be non-functional and would require running the installation file and performing repair installation.

Cause

Snapman service has not been properly removed from the Windows registry during uninstallation or forced removal. For example, Acronis Cleanup Utility was used, but the system registry was not checked before rebooting as required by Acronis Cleanup Utility instructions.

Solution

Use a WinPE or WinRE-based bootable media to remove the snapman service from Windows' boot chain:

  1. Boot the machine with WinPE/RE media. If you already have a bootable media, but are not sure whether it is WinPE/RE-based, try booting it and see if Windows logo appears at the boot time. If it does not appear, then you have a Linux-based media. You can create a WinPE/RE media from a different Windows computer by installing Acronis True Image and activating your license on it. There are no penalties for temporarily assigning the license on a different computer to create the bootable media.

    WinRE/WinPE is the default type of bootable media, created by Acronis True Image 2019 and 2018. If you have versions 2015, 2016 or 2017 of Acronis True Image, follow instructions here to create a WinPE-based media.

  2. Once booted into WinPE/RE media on the computer in question, click to select the command prompt window behind the Acronis True Image window (alternatively, use Alt+Tab key combination to switch between windows):
  3. Type:
    regedit.exe

  4. In the left pane, click to select HKEY_LOCAL_MACHINE:
  5. In the File menu, select Load Hive:
  6. Navigate to the Windows system that is requiring repair. In most cases, it will be listed as drive C:
  7. Navigate to Windows, then System32, and then config. Select the SYSTEM hive and click Open:
  8. Specify the name REMOTE_SYSTEM and click OK:
  9. Navigate to HKEY_LOCAL_MACHINE\REMOTE_SYSTEM\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}:
  10. In the right pane, locate UpperFilters:
  11. Check whether snapman is listed under UpperFilters.
  12. If it is present, right-click UpperFilters, and then click Modify:
  13. Remove snapman, and then click OK. Be careful not to remove any other entries.
  14. Navigate to HKEY_LOCAL_MACHINE\REMOTE_STSTEM\ControlSet001\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}.
  15. In the right pane, locate UpperFilters.
  16. Check whether snapman is listed in UpperFilters.
  17. If it is present, right-click UpperFilters, and then click Modify. Remove snapman, and then click OK. Be careful not to remove any other entries.
  18. Navigate to HKEY_LOCAL_MACHINE\REMOTE_SYSTEM\ControlSet001\Services:
  19. Scroll down and locate the snapman service. Right-click snapman, and then select Delete to remove the service:
  20. Click to select HKEY_LOCAL_MACHINE\REMOTE_SYSTEM:
  21. In the File menu, select Unload Hive. This will save the changes you made.
  22. Reboot your computer. Windows should start normally.

Tags: 

You are reporting a typo in the following text:
Simply click the "Send typo report" button to complete the report. You can also include a comment.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
3 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.