Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 5.23%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.12%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.29%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.06%
6.2.9200.16384 (win8_rtm.120725-1247) 15.97%
6.2.9200.16384 (win8_rtm.120725-1247) 2.47%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.12%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.06%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.12%
6.1.7600.16385 (win7_rtm.090713-1255) 22.96%
6.1.7600.16385 (win7_rtm.090713-1255) 45.04%
6.1.7600.16385 (win7_rtm.090713-1255) 0.06%
6.0.6001.18000 (longhorn_rtm.080118-1840) 6.17%
6.0.6001.18000 (longhorn_rtm.080118-1840) 1.35%

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
TraceMessage, OpenProcessToken, RegEnumKeyExW, EventWrite, RegDeleteKeyW, RegCloseKey, RegQueryInfoKeyW, RegOpenKeyExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, AdjustTokenPrivileges, LookupPrivilegeValueW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, InitiateShutdownW, RegQueryValueExW, RegSetValueExW, RegCreateKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, EventUnregister, EventRegister, RegEnumValueW
gdi32.dll
DeleteObject, SetAbortProc, SetMapMode, GetDeviceCaps, CreateFontIndirectW, SelectObject, StartDocW, StartPage, EndPage, EndDoc, AbortDoc, DeleteDC
kernel32.dll
GlobalFree, MulDiv, HeapFree, HeapAlloc, WriteFile, CreateFileW, GetCurrentProcess, GetCurrentThreadId, CreateMutexW, CreateEventW, GetVersionExW, FormatMessageW, GetProcessHeap, RegisterApplicationRestart, HeapSetInformation, GetSystemTime, SystemTimeToFileTime, CloseHandle, LoadLibraryA, OutputDebugStringA, GetModuleFileNameW, SetLastError, GetLastError, GetVersion, GetFileAttributesW, GetProcAddress, GetModuleHandleW, LoadLibraryW, GetModuleHandleA, OpenMutexW, InterlockedExchange, Sleep, InterlockedCompareExchange, GetStartupInfoA, FindFirstVolumeW, FindNextVolumeW, FindVolumeClose, GetVolumePathNamesForVolumeNameW, DeviceIoControl, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, SetUnhandledExceptionFilter, LocalFree
msvcrt.dll
DllMain
ntdll.dll
WinSqmAddToStream, WinSqmSetDWORD, WinSqmEndSession, NtQuerySystemTime, WinSqmStartSession
ole32.dll
CoInitializeEx, CoCreateInstance, CoInitialize, CoUninitialize, CoCreateGuid, StringFromGUID2
setupapi.dll
SetupDiDestroyDeviceInfoList, SetupDiGetDeviceInterfaceDetailW, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceRegistryPropertyW, SetupDiGetClassDevsW
user32.dll
DialogBoxParamW, EndDialog, DefWindowProcW, SetWindowLongW, DestroyWindow, SetDlgItemTextW, LoadStringW, MessageBoxW, SetCursor, SendMessageW, DrawTextW, EnumThreadWindows, GetWindowLongW, SetWindowPos, LoadIconW, CreateWindowExW, MsgWaitForMultipleObjects, DispatchMessageW, PeekMessageW, LoadCursorW, PostMessageW, GetParent, ShowWindow, GetDlgItem, IsDialogMessageW, SetFocus, EnableWindow, CreateDialogParamW, TranslateMessage
userenv.dll
GetUserProfileDirectoryW

dfdwiz.exe

Windows Disk Diagnostic User Resolver by Microsoft

Remove dfdwiz.exe
Version:   6.3.9600.16384 (winblue_rtm.130821-1623)
MD5:   a1d5cb7f8ce1ffca0a645b8f3a62db58
SHA1:   5513f5aae97e8288539ba8d0c501eeef1468fe49
This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

dfdwiz.exe executes as a process with the local user's privileges. It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). .

DetailsDetails

File name:dfdwiz.exe
Publisher:Microsoft Corporation
Product name:Windows Disk Diagnostic User Resolver
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\dfdwiz.exe
Original name:DFDWiz.exe.mui
File version:6.3.9600.16384 (winblue_rtm.130821-1623)
Product version:6.3.9600.16384
Size:75.5 KB (77,312 bytes)
Build date:8/22/2013 6:49 AM
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver'
Scheduled tasks
  • The job 'Microsoft-Windows-DiskDiagnosticResolver' runs on logon in the path '\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver'
  • Entry path '\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver'

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 29.50%
Windows 8.1 18.50%
Windows 7 Ultimate 15.00%
Windows 8.1 Pro 8.00%
Windows 7 Professional 6.50%
Windows 8 4.50%
Windows 8.1 Single Language 3.50%
Windows 8 Pro 3.00%
Windows 8.1 Pro with Media Center 2.50%
Windows 8 Single Language 2.50%
Windows 7 Home Basic 2.00%
Windows Vista Home Premium 1.50%
Windows 8 Enterprise N 1.00%
Windows 8.1 N 0.50%
Windows Seven Black Edition 0.50%
Windows 8.1 Enterprise Evaluation 0.50%
Windows 8 Enterprise 0.50%

Distribution by countryDistribution by country

United States installs about 44.72% of Windows Disk Diagnostic User Resolver.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 20.16%
ASUS 18.60%
Hewlett-Packard 17.05%
Acer 11.24%
Lenovo 10.08%
Toshiba 9.30%
Sony 5.43%
Intel 2.33%
GIGABYTE 1.94%
Alienware 1.55%
Samsung 1.55%
Medion 0.78%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE