Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 5.23%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.12%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.29%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.06%
6.2.9200.16384 (win8_rtm.120725-1247) 15.97%
6.2.9200.16384 (win8_rtm.120725-1247) 2.47%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.12%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.06%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.12%
6.1.7600.16385 (win7_rtm.090713-1255) 22.96%
6.1.7600.16385 (win7_rtm.090713-1255) 45.04%
6.1.7600.16385 (win7_rtm.090713-1255) 0.06%
6.0.6001.18000 (longhorn_rtm.080118-1840) 6.17%
6.0.6001.18000 (longhorn_rtm.080118-1840) 1.35%

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
TraceMessage, OpenProcessToken, RegEnumKeyExW, EventWrite, RegDeleteKeyW, RegCloseKey, RegQueryInfoKeyW, RegOpenKeyExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, AdjustTokenPrivileges, LookupPrivilegeValueW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, InitiateShutdownW, RegQueryValueExW, RegSetValueExW, RegCreateKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, EventUnregister, EventRegister, RegEnumValueW
gdi32.dll
DeleteObject, SetAbortProc, SetMapMode, GetDeviceCaps, CreateFontIndirectW, SelectObject, StartDocW, StartPage, EndPage, EndDoc, AbortDoc, DeleteDC
kernel32.dll
GlobalFree, MulDiv, HeapFree, HeapAlloc, WriteFile, CreateFileW, GetCurrentProcess, GetCurrentThreadId, CreateMutexW, CreateEventW, GetVersionExW, FormatMessageW, GetProcessHeap, RegisterApplicationRestart, HeapSetInformation, GetSystemTime, SystemTimeToFileTime, CloseHandle, LoadLibraryA, OutputDebugStringA, GetModuleFileNameW, SetLastError, GetLastError, GetVersion, GetFileAttributesW, GetProcAddress, GetModuleHandleW, LoadLibraryW, GetModuleHandleA, OpenMutexW, InterlockedExchange, Sleep, InterlockedCompareExchange, GetStartupInfoA, FindFirstVolumeW, FindNextVolumeW, FindVolumeClose, GetVolumePathNamesForVolumeNameW, DeviceIoControl, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, SetUnhandledExceptionFilter, LocalFree
msvcrt.dll
DllMain
ntdll.dll
WinSqmAddToStream, WinSqmSetDWORD, WinSqmEndSession, NtQuerySystemTime, WinSqmStartSession
ole32.dll
CoInitializeEx, CoCreateInstance, CoInitialize, CoUninitialize, CoCreateGuid, StringFromGUID2
setupapi.dll
SetupDiDestroyDeviceInfoList, SetupDiGetDeviceInterfaceDetailW, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceRegistryPropertyW, SetupDiGetClassDevsW
user32.dll
DialogBoxParamW, EndDialog, DefWindowProcW, SetWindowLongW, DestroyWindow, SetDlgItemTextW, LoadStringW, MessageBoxW, SetCursor, SendMessageW, DrawTextW, EnumThreadWindows, GetWindowLongW, SetWindowPos, LoadIconW, CreateWindowExW, MsgWaitForMultipleObjects, DispatchMessageW, PeekMessageW, LoadCursorW, PostMessageW, GetParent, ShowWindow, GetDlgItem, IsDialogMessageW, SetFocus, EnableWindow, CreateDialogParamW, TranslateMessage
userenv.dll
GetUserProfileDirectoryW

dfdwiz.exe

Windows Disk Diagnostic User Resolver by Microsoft

Remove dfdwiz.exe
Version:   6.1.7600.16385 (win7_rtm.090713-1255)
MD5:   4a3bd2bb1b55c39ab71ef4c9b9dce815
SHA1:   1d090f4c9c7234aeaf52e13cdec075164ff3d0fa
SHA256:   42761cbb8d72595c61fb6e52699fe3fb609509582b7055490ffb8fd31d09c996
This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

dfdwiz.exe executes as a process with the local user's privileges. It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). This version is designed to run on Windows 7.

DetailsDetails

File name:dfdwiz.exe
Publisher:Microsoft Corporation
Product name:Windows Disk Diagnostic User Resolver
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\dfdwiz.exe
Original name:DFDWiz.exe.mui
File version:6.1.7600.16385 (win7_rtm.090713-1255)
Product version:6.1.7600.16385
Size:77.5 KB (79,360 bytes)
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver'
Scheduled tasks
  • The job 'Microsoft-Windows-DiskDiagnosticResolver' runs on logon in the path '\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver'
  • Entry path '\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver'

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 29.50%
Windows 8.1 18.50%
Windows 7 Ultimate 15.00%
Windows 8.1 Pro 8.00%
Windows 7 Professional 6.50%
Windows 8 4.50%
Windows 8.1 Single Language 3.50%
Windows 8 Pro 3.00%
Windows 8.1 Pro with Media Center 2.50%
Windows 8 Single Language 2.50%
Windows 7 Home Basic 2.00%
Windows Vista Home Premium 1.50%
Windows 8 Enterprise N 1.00%
Windows 8.1 N 0.50%
Windows Seven Black Edition 0.50%
Windows 8.1 Enterprise Evaluation 0.50%
Windows 8 Enterprise 0.50%

Distribution by countryDistribution by country

United States installs about 44.72% of Windows Disk Diagnostic User Resolver.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 20.16%
ASUS 18.60%
Hewlett-Packard 17.05%
Acer 11.24%
Lenovo 10.08%
Toshiba 9.30%
Sony 5.43%
Intel 2.33%
GIGABYTE 1.94%
Alienware 1.55%
Samsung 1.55%
Medion 0.78%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE