Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

11,5,0,0228 76.67%
11,5,0,0192 6.20%
11,5,0,0155 1.99%
11,5,0,0152 2.98%
11,0,0,2014 4.96%
11,0,0,2009 1.49%
10,0,0,1270 3.97%
10,0,0,1258 0.25%
10,0,0,1102 0.25%
10,0,0,542 0.50%
10,0,0,331 0.50%
9,0,0,2162 0.25%

Relationships

Parent process
Child process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
RegEnumKeyExW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, ReportEventA, DeregisterEventSource, RegQueryInfoKeyW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyW, RegisterEventSourceA, SetSecurityDescriptorDacl, InitializeSecurityDescriptor
comctl32.dll
ImageList_GetIconSize, ImageList_Draw, CreateToolbarEx, ImageList_AddMasked, CreateStatusWindowW, ImageList_BeginDrag, ImageList_EndDrag, ImageList_DragMove, ImageList_DragEnter, _TrackMouseEvent, ImageList_GetImageCount, InitCommonControlsEx, ImageList_Create, ImageList_Add, ImageList_Destroy, ImageList_ReplaceIcon, ImageList_DragLeave
comdlg32.dll
GetSaveFileNameW, PrintDlgW, ChooseColorW, GetOpenFileNameW, ChooseFontW
connectionwizard.dll
cwCleanup, cwTestStop, cwVipTestStart, cwLoginServerTestStart, cwStopLogging, cwStartLogging, cwInitialize, cwCsTestStart
crypt32.dll
CertCloseStore, CertFreeCertificateContext, CertGetNameStringW, CertGetEnhancedKeyUsage, CertFindCertificateInStore, CryptMsgGetParam, CryptMsgClose, CryptQueryObject, CryptUnprotectData, CryptProtectData
gdi32.dll
SaveDC, RestoreDC, CreateBitmap, PatBlt, SetBkColor, MoveToEx, LineTo, CreatePen, SetTextColor, GetStockObject, GetObjectW, CreateSolidBrush, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, DeleteDC, GetDeviceCaps, DeleteObject, FrameRgn, CreatePolygonRgn, CreateRoundRectRgn, EnumFontFamiliesExW, SelectClipRgn, RoundRect, SetROP2, LPtoDP, GetTextExtentPoint32W, GetTextFaceW, GetTextMetricsW, CreateFontIndirectW, SetBkMode, ExtTextOutW, TextOutW, GetBkColor, GetBkMode, Rectangle, FillRgn, CombineRgn, CreateRectRgn, CreatePatternBrush, StretchBlt, CreateFontW, EndDoc, EndPage, StartPage, StartDocW, GetTextExtentPointW, SetStretchBltMode, CreateDIBSection, CreateDCW, GetPixel, GetTextExtentExPointW
gdiplus.dll
GdiplusShutdown, GdiplusStartup
imm32.dll
ImmReleaseContext, ImmGetContext, ImmAssociateContext, ImmGetCompositionStringW
iphlpapi.dll
GetAdaptersInfo
kernel32.dll
GetLocaleInfoA, VirtualAlloc, GetThreadLocale, IsProcessorFeaturePresent, GetProcessHeap, GetStartupInfoW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, LoadLibraryExW, IsDebuggerPresent, QueryPerformanceCounter, FlushConsoleInputBuffer, GetStdHandle, GetFileType, GetVersion, InitializeCriticalSectionAndSpinCount, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, HeapCreate, WritePrivateProfileStringA, Beep, CreateMutexW, ReleaseMutex, GetCurrentProcessId, WritePrivateProfileSectionW, GetSystemTimeAsFileTime, GetPrivateProfileStringA, GetSystemTime, GetCPInfoExW, GetACP, GetVersionExA, SetErrorMode, CreateProcessW, GetExitCodeProcess, TerminateProcess, lstrcpyW, GetTimeFormatW, GetDateFormatW, lstrcmpA, GetTempFileNameW, CompareFileTime, MoveFileW, RemoveDirectoryW, GetSystemDirectoryW, GetWindowsDirectoryW, GetSystemWindowsDirectoryW, GetFileAttributesExW, CreateFileA, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, LoadLibraryW, CreateSemaphoreW, InterlockedExchange, ResumeThread, OutputDebugStringW, CreateThread, WaitForMultipleObjects, ExitThread, TerminateThread, WritePrivateProfileStringW, InterlockedCompareExchange, FormatMessageW, WaitForSingleObject, InterlockedIncrement, GetLocalTime, SetEvent, ResetEvent, GlobalDeleteAtom, GlobalAddAtomW, FindFirstFileW, FindNextFileW, FindClose, CreateEventW, Sleep, GetFileTime, FileTimeToSystemTime, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, lstrcmpiW, EnterCriticalSection, LeaveCriticalSection, GetLastError, SetLastError, lstrlenW, FlushInstructionCache, GetCurrentProcess, lstrcmpW, MulDiv, GetModuleFileNameW, GlobalUnlock, GlobalLock, GlobalAlloc, RaiseException, GetCurrentThreadId, MultiByteToWideChar, InterlockedDecrement, DeleteCriticalSection, lstrlenA, InitializeCriticalSection, CreateDirectoryA, GetFileAttributesA, FileTimeToDosDateTime, FileTimeToLocalFileTime, GetTempFileNameA, GetTempPathA, SetFileAttributesA, WideCharToMultiByte, GetShortPathNameW, GlobalMemoryStatus, CloseHandle, CreateFileW, lstrcpynW, GetPrivateProfileStringW, GlobalFree, GlobalHandle, WriteFile, SetFilePointer, SetEndOfFile, lstrcpynA, DeleteFileW, SetFileAttributesW, GetFileAttributesW, CreateDirectoryW, GetComputerNameW, LocalFree, LocalAlloc, CopyFileW, GetProcAddress, GetModuleHandleW, GetPrivateProfileIntW, GetTempPathW, GetVersionExW, GetSystemInfo, ReadFile, GetFileSize, GetTickCount, FreeLibrary, LoadLibraryA, DllMain
msimg32.dll
AlphaBlend, GradientFill
msvcp80.dll
DllMain
msvcr80.dll
DllMain
ole32.dll
CoTaskMemAlloc, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoTaskMemFree, StringFromCLSID, CoReleaseMarshalData, CoMarshalInterface, CoUnmarshalInterface, CoUninitialize, CoTaskMemRealloc, CoRevokeClassObject, CoRegisterClassObject, OleRun, DoDragDrop, ReleaseStgMedium, CoGetMalloc, RegisterDragDrop, RevokeDragDrop, CoSetProxyBlanket, CoInitializeSecurity, OleGetClipboard, CLSIDFromString, CLSIDFromProgID, CoGetClassObject, CoCreateGuid, OleLockRunning, StringFromGUID2, CoInitialize, OleCreateStaticFromData, OleDuplicateData, OleSetContainedObject, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, PropVariantClear
pcre.dll
pcre_compile, pcre_exec, pcre_free
rmc_audio.dll
rmc_audio_release_pin, rmc_audio_release, rmc_audio_create, rmc_audio_pin_start, rmc_audio_register_callback, rmc_audio_create_local_play_pin, rmc_audio_stop, rmc_audio_pin_stop, rmc_audio_start, rmc_audio_create_rendering_pin, rmc_audio_unregister_callback
secur32.dll
GetUserNameExW
setupapi.dll
SetupDiGetDeviceRegistryPropertyW, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiDestroyDeviceInfoList
shell32.dll
ShellExecuteW, ShellExecuteExW, SHGetFolderPathW, SHGetFileInfoW, DragQueryFileW, DragAcceptFiles, SHFileOperationW, SHAppBarMessage, Shell_NotifyIconW, SHGetMalloc, SHBrowseForFolderW, SHGetPathFromIDListW, SHCreateDirectoryExW
shlwapi.dll
PathStripPathW, UrlCreateFromPathW, PathFileExistsW, StrCmpNW, PathRemoveExtensionW, StrToIntW, PathIsURLW, PathFindExtensionW, PathCanonicalizeW, PathAppendW, PathIsRelativeW, UrlIsW, SHDeleteKeyW, PathFindFileNameW, wnsprintfW, PathCombineW, StrCpyNW, UrlEscapeW, StrCmpNIW, StrCmpNA, StrStrIW, PathIsDirectoryW, StrCpyW, SHCreateStreamOnFileW, SHStrDupW, PathFileExistsA, PathAddBackslashW, PathRemoveFileSpecW
urlmon.dll
CreateURLMonikerEx
user32.dll
DllMain
version.dll
VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
wininet.dll
InternetSetOptionW, InternetGetCookieW, InternetCloseHandle, InternetCrackUrlW, HttpSendRequestW, HttpOpenRequestW, InternetConnectW, InternetOpenW, InternetGetConnectedStateExW, InternetSetCookieW, HttpQueryInfoW, InternetSetCookieExW, InternetGetCookieExW, HttpOpenRequestA, InternetConnectA, HttpSendRequestExA, InternetWriteFile, HttpEndRequestA, InternetSetOptionA, HttpQueryInfoA, InternetReadFileExA, InternetSetStatusCallbackA, InternetOpenA, InternetReadFile, InternetQueryOptionW, InternetGetCookieA, InternetGetCookieExA, HttpEndRequestW, InternetQueryOptionA, HttpAddRequestHeadersA
winmm.dll
PlaySoundW, timeGetTime
wintrust.dll
WinVerifyTrust
ws2_32.dll
getaddrinfo, freeaddrinfo
wtsapi32.dll
WTSRegisterSessionNotification, WTSUnRegisterSessionNotification
xmllite.dll
CreateXmlWriter, CreateXmlReader
ylog.dll
ylog_debug, ylog_warning, ylog_error
ymdm_audio.dll
ymdm_audio_device_release, ymdm_audio_device_get_info, ymdm_audio_device_count_devices, ymdm_audio_device_create, ymdm_audio_device_display_name
ymdm_video.dll
ymdm_video_capt_device_count, ymdm_video_capt_device_get_info, ymdm_video_capt_device_create, ymdm_video_capt_device_release

YahooMessenger.exe

Yahoo! Messenger by Yahoo! Inc. (Signed)

Remove YahooMessenger.exe
Version:   11,5,0,0152
MD5:   059fe2aa728f6bafd8e67b2416040073
SHA1:   2e434604c76ec176ea45d8e3b8a00bedb1b68f14
SHA256:   043aaa14ec10d30bba8314992e4b66634cbb74c9578e290f90a8491131a490a2

What is YahooMessenger.exe?

Yahoo! Messenger (YIM) is an ad-supported instant messaging client and protocol by Yahoo!. Yahoo! Messenger is provided free of charge and can be downloaded and used with a generic "Yahoo! ID" which also allows access to other Yahoo! services, such as Yahoo! Mail, where users can be automatically notified when they receive new email.

About YahooMessenger.exe (from Yahoo! Inc.)

Just sign into Yahoo! Mail to enjoy the same Yahoo! Messenger for the Web service you know and love. Yahoo! Messenger within Yahoo! Mail also allows you to chat with your Facebook and Windows Live fri

DetailsDetails

File name:YahooMessenger.exe
Publisher:Yahoo! Inc.
Product name:Yahoo! Messenger
Typical file path:C:\Program Files\Yahoo!\messenger\yahoomessenger.exe
File version:11,5,0,0152
Size:6.2 MB (6,497,592 bytes)
Certificate
Issued to:Yahoo! Inc.
Authority (CA):VeriSign
Effective date:Wednesday, August 12, 2009
Expiration date:Sunday, September 2, 2012
Digital DNA
PE subsystem:Windows GUI
Entropy:6.472139
File packed:No
Code language:Microsoft Visual C++ 8.0
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
Yahoo! Inc.
7% remove
Yahoo! Messenger (YIM) is an ad-supported instant messaging client and protocol by Yahoo!. Yahoo! Messenger is provided free of charge and can be downloaded and used with a generic "Yahoo! ID" which also allows access to other Yahoo! services, such as Yahoo! Mail, where users can be automatically notified when they receive new email.
Yahoo! Inc.
3% remove
Just sign into Yahoo! Mail to enjoy the same Yahoo! Messenger for the Web service you know and love. Yahoo! Messenger within Yahoo! Mail also allows you to chat with your Facebook and Windows Live friends without requiring any installation. Send text messages in real-time to your friends on Yahoo! 7 or Windows Live™ Messenger. Share photos from your desktop or Flickr, then discuss them over IM while you and a friend view them together....
Yahoo! Inc.
20% remove
Yahoo Install Manager manages Yahoo program downloads and installations. The install manager keeps track of such programs and assists in the installations to put things in their proper places.
Yahoo! Inc.
21% remove
AT&T Yahoo! Messenger is an AT&T branded version of Y! Messenger.

BehaviorsBehaviors

Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'Yahoo! Pager' → "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
  • 'Messenger (Yahoo!)' → "C:\Program Files1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe'
  • Firewall exception for 'C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe'
  • Firewall exception for 'C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe'
Scheduled tasks
  • The task '{FF8FDDAA-FA1C-4738-BB7B-E5395E714A5C}' runs on registration in the path '\{FF8FDDAA-FA1C-4738-BB7B-E5395E714A5C}'
  • The job '{FEE0E7C4-2471-421A-B7F2-B7FCDE86041F}' runs on registration in the path '\{FEE0E7C4-2471-421A-B7F2-B7FCDE86041F}'
  • The task '{FE9DD168-2242-4692-9518-F849B006B42E}' runs on registration in the path '\{FE9DD168-2242-4692-9518-F849B006B42E}'
  • The job '{FE1C49CC-7C9E-41AB-8701-EB745F8F8B56}' runs on registration in the path '\{FE1C49CC-7C9E-41AB-8701-EB745F8F8B56}'
  • The task '{FB9D3C00-9DBC-4D9A-81CF-524478AD3C0E}' runs on registration in the path '\{FB9D3C00-9DBC-4D9A-81CF-524478AD3C0E}'
  • The task '{FA79B2F5-7E02-4809-8B35-37242B09F0D8}' runs on registration in the path '\{FA79B2F5-7E02-4809-8B35-37242B09F0D8}'
  • The job '{F83786B3-255D-426C-8E5F-168388CB160D}' runs on registration in the path '\{F83786B3-255D-426C-8E5F-168388CB160D}'
  • The task '{F029C03D-44A7-4F3C-816A-B58D7D9F118B}' runs on registration in the path '\{F029C03D-44A7-4F3C-816A-B58D7D9F118B}'
  • The job '{E8178761-9854-4275-9D41-EDE6CF69B80D}' runs on registration in the path '\{E8178761-9854-4275-9D41-EDE6CF69B80D}'
  • The job '{DD6C57E2-0A17-411F-A257-F27B425B1E2F}' runs on registration in the path '\{DD6C57E2-0A17-411F-A257-F27B425B1E2F}'
  • The task '{DCD0C27A-7B98-4496-8BB0-54774348BE49}' runs on registration in the path '\{DCD0C27A-7B98-4496-8BB0-54774348BE49}'
  • The job '{D4A77F9F-4019-4429-9E31-6B4663884D3E}' runs on registration in the path '\{D4A77F9F-4019-4429-9E31-6B4663884D3E}'
  • The job '{D14D6992-E2DB-4701-8A81-95FA01C505D3}' runs on registration in the path '\{D14D6992-E2DB-4701-8A81-95FA01C505D3}'
  • The task '{CE655DCC-E3B1-4DEA-BC23-E1FA4814A5F3}' runs on registration in the path '\{CE655DCC-E3B1-4DEA-BC23-E1FA4814A5F3}'
  • The task '{CA6ABFEE-82B1-48B9-8C64-2AB8BF2FF498}' runs on registration in the path '\{CA6ABFEE-82B1-48B9-8C64-2AB8BF2FF498}'
  • The job '{C6969615-5B0C-4F8D-84F3-AD11330140E6}' runs on registration in the path '\{C6969615-5B0C-4F8D-84F3-AD11330140E6}'
  • The task '{BE61EF52-4612-49A3-9671-C4AF05E53DC7}' runs on registration in the path '\{BE61EF52-4612-49A3-9671-C4AF05E53DC7}'
  • The job '{AD0A62EE-2740-442F-9BC9-FFBA94D282D0}' runs on registration in the path '\{AD0A62EE-2740-442F-9BC9-FFBA94D282D0}'
  • The task '{A8F88BC7-0E3B-4FA2-84E9-E9989331C21B}' runs on registration in the path '\{A8F88BC7-0E3B-4FA2-84E9-E9989331C21B}'
  • The job '{A471C0C4-3177-417F-8A98-F9F376A9B149}' runs on registration in the path '\{A471C0C4-3177-417F-8A98-F9F376A9B149}'
  • The task '{A34D260B-18EE-403F-B589-12DA6124FAB7}' runs on registration in the path '\{A34D260B-18EE-403F-B589-12DA6124FAB7}'
  • The task '{9CB61C15-ACD2-4FF6-9262-DDE56B2EF936}' runs on registration in the path '\{9CB61C15-ACD2-4FF6-9262-DDE56B2EF936}'
Network connections
Access through an approved Windows firewall exception
  • [UDP] listens on port 59568

  • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.04812889%
    0.028634%
    Kernel CPU:0.02859693%
    0.013761%
    User CPU:0.01953195%
    0.014873%
    Kernel CPU time:1,482 ms/min
    100,923,805ms/min
    Memory
    Private memory:51.83 MB
    21.59 MB
    Private (maximum):46.23 MB
    Private (minimum):32.85 MB
    Non-paged memory:51.83 MB
    21.59 MB
    Virtual memory:220.5 MB
    140.96 MB
    Virtual memory (peak):247.91 MB
    169.69 MB
    Working set:34.5 MB
    18.61 MB
    Working set (peak):49.8 MB
    37.95 MB
    Resource allocations
    Threads:23
    12
    Handles:637
    600
    GUI GDI count:263
    103
    GUI GDI peak:269
    142
    GUI USER count:115
    49
    GUI USER peak:126
    71

    BehaviorsProcess properties

    Integrety level:Medium
    Platform:64-bit
    Command lines:
    • "C:\Program Files\yahoo!\messenger\yahoomessenger.exe"
    • "C:\Program Files\yahoo!\messenger\yahoomessenger.exe" /cookieproxy
    Owner:User
    Parent processes:

    ResourcesThreads

    Averages
     
    ntdll.dll
    Total CPU:0.25013130%
    0.272967%
    Kernel CPU:0.21887038%
    0.107585%
    User CPU:0.03126093%
    0.165382%
    CPU cycles:7,424,440/sec
    5,741,424/sec
    Context switches:59/sec
    79/sec
    Memory:1.23 MB
    1.16 MB
    YahooMessenger.exe (main module)
    Total CPU:0.08928989%
    Kernel CPU:0.06244075%
    User CPU:0.02684914%
    CPU cycles:11,426,938/sec
    Context switches:68/sec
    Memory:6.3 MB
    WININET.dll
    Total CPU:0.06226234%
    Kernel CPU:0.06226234%
    User CPU:0.00000000%
    CPU cycles:287,539/sec
    Context switches:17/sec
    Memory:1.11 MB
    flash32_11_7_700_224.ocx (Shockwave Flash by Adobe Systems)
    Total CPU:0.00751996%
    Kernel CPU:0.00375998%
    User CPU:0.00375998%
    CPU cycles:3,320,051/sec
    Context switches:52/sec
    Memory:16.33 MB
    wow64.dll (Win32 Emulation on NT64 by Microsoft)
    Total CPU:0.00584203%
    Kernel CPU:0.00146051%
    User CPU:0.00438152%
    CPU cycles:127,161/sec
    Memory:252 KB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 54.00%
    Microsoft Windows XP 17.50%
    Windows 7 Ultimate 13.00%
    Windows 8 Pro 4.00%
    Windows 8 2.00%
    Windows 8 Pro with Media Center 1.50%
    Windows 7 Professional 1.50%
    Windows Seven Black Edition 1.50%
    Windows 8 Single Language 1.50%
    Windows 7 Home Basic 1.50%
    Windows Vista Home Premium 1.50%
    Windows 8.1 Single Language Preview 0.50%

    Distribution by countryDistribution by country

    United States installs about 59.49% of Yahoo! Messenger.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Toshiba 59.81%
    Dell 15.58%
    ASUS 6.23%
    Hewlett-Packard 4.67%
    Acer 4.67%
    American Megatrends 4.05%
    GIGABYTE 2.18%
    Compaq 0.62%
    Lenovo 0.62%
    Intel 0.62%
    Sony 0.62%
    Sahara 0.31%
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE