Windows 10 “Attempted Switch from DPC” Blue screen caused by Acronis Scanman

I have spent some time diagnosing a sick PC which intermittent BSOD (Blue Screen of Death) and decided against the recommended “nuke from orbit” approach to it, instead deciding stubbornly that the machine was in fact recoverable with all user settings and files intact.

I updated the latest BIOS and AMD chipset drivers, even though Asus had long since given up keeping the driver library refreshed for this old motherboard.

That didn’t work. So next thing was to install something to help diagnose the BSOD events. Event Viewer isn’t a lot of use, but Windows tends to drop “dump” files when it crashes and if you know what you are looking at, they can help identify the culprit. If not, use a tool that makes it easier. I recommend “WhoCrashed” for this sort of thing:

In my case, the culprit seemed to be SCANMAN.SYS, a driver by Acronis which does a great job of shifting disk chunks around for replication or backup operations. In my case though, those tools hand long since been removed. The Windows 10 Anniversary update had somehow made this dormant file into some kind of psychopath. It needed to go. But removing it is not just a case of hitting delete. Do two things first (just in case something goes wrong and you need to roll-back or boot from USB and run a startup-repair:

  • Create a System Restore point
  • Create a USB Recovery Drive

Now for the messy bit (the long-hand version is here: https://kb.acronis.com/content/1620).

  • Go to the Start, Run Type “regedit” and click OK. This will open the Registry Editor
  • Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E967-E325 -11CE-BFC1-08002BE10318}
  • In the “UpperFilters” key, remove any reference to “snapman” but leave any other values in place. For example “cat snapman dog” becomes “cat dog”.
  • If it exists, in the “Lowerfilters” key, do the same.
  • Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{71A27CDD-812A -11D0-BEC7-08002BE2092F}
  • In the “UpperFilters” key, remove any reference to “snapman” but leave any other values in place. For example “cat snapman dog” becomes “cat dog”.
  • If it exists, in the “Lowerfilters” key, do the same.
  • Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\snapman
  • Create a new REG_DWORD value, name it DeleteFlag and set it with a value of 1
  • Edit or create a REG_DWORD value named Start and set it with a value of 4
  • Reboot
  • After the reboot, navigate to this folder: C:\windows\system32\drivers and rename snapman.sys to snapman.old. If it isn’t there, the reboot removed it already.
    Reboot again and then create a new Restore Point.

    If at any point the PC fails to load due to “inaccessible boot device”, simply plug in the USB recovery drive you created earlier and under the advanced menu, choose “Repair Startup. That will tidy up the registry entries and make it work again.

    At this point I recommend running something like Wise Registry Cleaner to tidy things up.

    You should be good now. 🙂

Leave a Reply