Solved Safe Removal of Acronis True Image Drivers

Steve C

Member
Power User
Messages
275
Location
UK
I installed the trial version of ATI 2013 a while ago then uninstalled it from my Windows 8.1 PC. I thought nothing more of ATI until this week when I was reviewing the drivers on my PC using Autoruns. This showed that the Acronis driver vsflt53.sys is still loading on boot despite uninstalling True Image - see the entry below from Autoruns:

vidsflt53
Acronis Virtual Disk Storage Filter
c:\windows\system32\drivers\vsflt53.sys 12/04/2011 11:31

The Acronis vsflt53.sys driver runs at boot and is associated with all disc drives on the PC!!!

I then discovered following a Google search that there are severe pitfalls if the driver is not removed correctly - see the following useful posts:

Error | Wilders Security Forums...
https://forum.acronis.com/forum/27907

I understand the following procedure to edit Registry keys needs to be followed to remove the Acronis driver:

To avoid "blue screen" death traps, any cleanup MUST be done in the following order:
1) Removal of any residual Acronis device class UpperFilters and LowerFilters entries;
2) Removal of any residual Acronis "required for boot" (start=0x00000000) filter services;
3) Removal (optional) of any residual Acronis filter service drivers files.

The first step is the most critical for restoring normal OS control of storage devices. You'll find the relevant UpperFilters and LowerFilters entries under the following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

Do NOT remove any of the driver files until you have cleaned up BOTH the DiskDrive and Volume device class filters entries (step 1) AND the Acronis filter services entries that use those drivers (step 2).

My problem is that I also have Acronis driver entries in the following keys for ControlSet001:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vidsflt53

I have several questions:

1. Should I also remove the Acronis driver entries in the ControlSet001 keys above?
2. Does the presence of the offending driver vsflt53.sys affect my PC's performance?
3. Are there any other issues to consider before attempting to remove the remaining Acronis driver?
 

My Computer

System One

  • OS
    Windows 8.1 64 bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Build
    CPU
    Intel i3570K
    Motherboard
    Gigabyte GA-77X-UD5H
    Memory
    16 GB
    Graphics Card(s)
    Sapphire R9 280X Toxic
    Sound Card
    Realtek on motherboard
    Monitor(s) Displays
    Viewsonic VP2770
    Screen Resolution
    2560 x 1440
    Hard Drives
    Intel 520 180GB SSD
    Seagate 2T HDD
    Seagate external 1T USB HDD
    PSU
    XFX 850W
    Case
    Nanoxia Deep Silence 1
    Cooling
    Noctua NH-D14
    Keyboard
    Microsoft
    Mouse
    Microsoft
    Internet Speed
    50Mbps
    Browser
    Chrome

My Computer

System One

  • OS
    W10 Pro X64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Dude
    CPU
    Intel(R) Core(TM) i5-3570K CPU OC@ 4.5 GHZ Turbo
    Motherboard
    MSI Z77MA-G45 (MS-7759)
    Memory
    8.00 GB DDR3 1600Mhz
    Graphics Card(s)
    PNY GTX 760
    Sound Card
    Realtek High Definition
    Monitor(s) Displays
    Dell S23O9W, HP L1710
    Screen Resolution
    DELL-1920 x 1080 HP-1280 x1024
    Hard Drives
    Crucial m4 256 SSD WD 7200RPM 500GB
    PSU
    Seasonic X650 Gold
    Case
    Zalman Z12
    Cooling
    Antec Kuhler 920
    Keyboard
    Logitech
    Mouse
    MSI DS100 Interceptor
    Internet Speed
    50 down 5 up
    Browser
    Chrome, IE 11
    Antivirus
    Windows Defender
    Other Info
    Logitech X-620 Speakers
Thanks - I was thinking of using the Acronis cleanup utility with a manual check of the registry keys stated, but how trustworthy is their software given the rubbish left on my PC?

It seems the entries in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ replicate those in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ so I only need to edit the latter entries - see What's the difference among these keys ? | PC Review
 

It can be a pain cleaning leftovers from programs. Maybe someone with more experience with Acronis will chime in soon. Back up your important data before making any changes to the registry.
 

When I discontinued using Acronis True Image (paid version), I uninstalled it and also ran the available Acronis cleanup utility. As it turned out there were still many entries that remained in the Registry. I did a manual edit (backed up the Registry first) and removed anything associated with Acronis.

Whether you want to go that far is up to you.

(I now use Macrium Reflect).
 

My Computer

System One

  • OS
    Win 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Built
    CPU
    i7 6700K
    Motherboard
    ASUS ROG Maximus VIII Hero
    Memory
    16 Gb G Skill TridentZ DDR4 3400
    Graphics Card(s)
    Intel (i7 CPU)
    Sound Card
    RealTek Integrated
    Monitor(s) Displays
    27" Dell SE2717HR
    Screen Resolution
    1920X1080
    Hard Drives
    500GB Samsung 850 SSD, 3TB for backups
    PSU
    EVGA Supernova 750 G2
    Case
    BeQuiet Silent Base 600
    Cooling
    Deepcool Captain 120EX
    Keyboard
    Microsoft Wireless
    Mouse
    Logitech wireless
    Internet Speed
    Cable - 100MB Downlink
    Browser
    Edge/Firefox
    Antivirus
    Microsoft
    Other Info
    Sonar Platinum 64 bit recording studio software with MOTU 896Mk3 Hybrid recording interface unit.
I've now removed the offending Acronis driver vsflt53.sys manually by the procedure below, and my PC is working fine. Be sure to edit the registry in the exact sequence stated.


  • Go to Administrator account
  • Turn off Anti-Virus & network
  • Backup Registry
  • Create a restore point
  • Check and remove the following Registry entries using REGEDIT:
    · HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318} -> UpperFilters and LowerFilters: Lower filter for vsflt53 deleted
    · HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> UpperFilters and LowerFilters: Checked and left alone since no entry for vsflt53
    · HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vidsflt53: Entire key deleted


  • Closed REGEDIT then reopened to check the details again and also check that vsflt53 entries were removed from the ControlSet001 settings (which should replicate the CurrentControlSet settings).
  • Checked drivers using Autoruns and disk details in Device Manager to check there were no entries for the vsflt53 driver.
  • Restarted as Administrator and checked details in above bullet point
  • Considered deleting the following driver files from SYSTEM32, but left them for the time being:
· vsflt53.sys - present
· vididr.sys - present
· timntr.sys - present
· snapman.sys - not present
· afcdp.sys - not present
· fltsrv.sys - not present
· tdrpm273.sys - not present
· snapman.sys - not present
· tdrpman.sys - not present
· timounter.sys - not present


  • Considered deleting Seagate Secure Zone entry in HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C539A15B-3AF9-4C92-B771-50CB78F5C751} but left for time being
  • Searched for Acronis & Seagate in Registry. Found only a few items but left them for the time being.
 

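A read-only check for the removal order described in this thread, added here as an example (it is not from any poster and is not Acronis code): it lists leftover class filter entries, service keys and driver files, and changes nothing. The names vidsflt53 and vsflt53, both control sets and the System32\drivers location are taken from the posts above; run it from an elevated PowerShell prompt.

```powershell
# Read-only audit: lists leftovers in the order they must be cleaned up.
# Names and control sets come from the thread; edit $Names for another driver.
$Names = 'vidsflt53', 'vsflt53'
$ControlSets = 'CurrentControlSet', 'ControlSet001'
$ClassGuids = @{
    DiskDrive = '{4D36E967-E325-11CE-BFC1-08002BE10318}'
    Volume    = '{71A27CDD-812A-11D0-BEC7-08002BE2092F}'
}

# Step 1: class filter lists (REG_MULTI_SZ) that still name the driver.
$filterHits = foreach ($set in $ControlSets) {
    foreach ($class in $ClassGuids.GetEnumerator()) {
        $key = "HKLM:\SYSTEM\$set\Control\Class\$($class.Value)"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($value in 'UpperFilters', 'LowerFilters') {
            foreach ($entry in @($props.$value)) {
                if ($entry -and $Names -contains $entry) {
                    [pscustomobject]@{ Step = 1; Location = $key; Item = $value; Found = $entry }
                }
            }
        }
    }
}

# Step 2: leftover service keys; Start = 0 means "required for boot".
$serviceHits = foreach ($set in $ControlSets) {
    foreach ($name in $Names) {
        $key = "HKLM:\SYSTEM\$set\Services\$name"
        if (Test-Path -LiteralPath $key) {
            $start = (Get-ItemProperty -LiteralPath $key).Start
            [pscustomobject]@{ Step = 2; Location = $key; Item = 'Start'; Found = $start }
        }
    }
}

# Step 3: driver files, which must stay until steps 1 and 2 report nothing.
$fileHits = foreach ($name in $Names) {
    $file = Join-Path $env:SystemRoot "System32\drivers\$name.sys"
    if (Test-Path -LiteralPath $file) {
        [pscustomobject]@{ Step = 3; Location = $file; Item = 'File'; Found = 'present' }
    }
}

@($filterHits; $serviceHits; $fileHits) | Where-Object { $_ } | Format-Table -AutoSize -Wrap
if ($filterHits) { 'Next: step 1, a filter list still names the driver.' }
elseif ($serviceHits) { 'Next: step 2, only service keys (and possibly files) remain.' }
elseif ($fileHits) { 'Next: step 3 (optional), only driver files remain.' }
else { 'No leftovers found for the audited names.' }
```

A hit under ControlSet001 that matches one under CurrentControlSet is normally the same data shown twice, as the thread notes.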
Good to hear you resolved it!
 
