Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

11,5,0,0228 76.67%
11,5,0,0192 6.20%
11,5,0,0155 1.99%
11,5,0,0152 2.98%
11,0,0,2014 4.96%
11,0,0,2009 1.49%
10,0,0,1270 3.97%
10,0,0,1258 0.25%
10,0,0,1102 0.25%
10,0,0,542 0.50%
10,0,0,331 0.50%
9,0,0,2162 0.25%

Relationships

Parent process
Child process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
RegEnumKeyExW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, ReportEventA, DeregisterEventSource, RegQueryInfoKeyW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyW, RegisterEventSourceA, SetSecurityDescriptorDacl, InitializeSecurityDescriptor
comctl32.dll
ImageList_GetIconSize, ImageList_Draw, CreateToolbarEx, ImageList_AddMasked, CreateStatusWindowW, ImageList_BeginDrag, ImageList_EndDrag, ImageList_DragMove, ImageList_DragEnter, _TrackMouseEvent, ImageList_GetImageCount, InitCommonControlsEx, ImageList_Create, ImageList_Add, ImageList_Destroy, ImageList_ReplaceIcon, ImageList_DragLeave
comdlg32.dll
GetSaveFileNameW, PrintDlgW, ChooseColorW, GetOpenFileNameW, ChooseFontW
connectionwizard.dll
cwCleanup, cwTestStop, cwVipTestStart, cwLoginServerTestStart, cwStopLogging, cwStartLogging, cwInitialize, cwCsTestStart
crypt32.dll
CertCloseStore, CertFreeCertificateContext, CertGetNameStringW, CertGetEnhancedKeyUsage, CertFindCertificateInStore, CryptMsgGetParam, CryptMsgClose, CryptQueryObject, CryptUnprotectData, CryptProtectData
gdi32.dll
SaveDC, RestoreDC, CreateBitmap, PatBlt, SetBkColor, MoveToEx, LineTo, CreatePen, SetTextColor, GetStockObject, GetObjectW, CreateSolidBrush, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, DeleteDC, GetDeviceCaps, DeleteObject, FrameRgn, CreatePolygonRgn, CreateRoundRectRgn, EnumFontFamiliesExW, SelectClipRgn, RoundRect, SetROP2, LPtoDP, GetTextExtentPoint32W, GetTextFaceW, GetTextMetricsW, CreateFontIndirectW, SetBkMode, ExtTextOutW, TextOutW, GetBkColor, GetBkMode, Rectangle, FillRgn, CombineRgn, CreateRectRgn, CreatePatternBrush, StretchBlt, CreateFontW, EndDoc, EndPage, StartPage, StartDocW, GetTextExtentPointW, SetStretchBltMode, CreateDIBSection, CreateDCW, GetPixel, GetTextExtentExPointW
gdiplus.dll
GdiplusShutdown, GdiplusStartup
imm32.dll
ImmReleaseContext, ImmGetContext, ImmAssociateContext, ImmGetCompositionStringW
iphlpapi.dll
GetAdaptersInfo
kernel32.dll
GetLocaleInfoA, VirtualAlloc, GetThreadLocale, IsProcessorFeaturePresent, GetProcessHeap, GetStartupInfoW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, LoadLibraryExW, IsDebuggerPresent, QueryPerformanceCounter, FlushConsoleInputBuffer, GetStdHandle, GetFileType, GetVersion, InitializeCriticalSectionAndSpinCount, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, HeapCreate, WritePrivateProfileStringA, Beep, CreateMutexW, ReleaseMutex, GetCurrentProcessId, WritePrivateProfileSectionW, GetSystemTimeAsFileTime, GetPrivateProfileStringA, GetSystemTime, GetCPInfoExW, GetACP, GetVersionExA, SetErrorMode, CreateProcessW, GetExitCodeProcess, TerminateProcess, lstrcpyW, GetTimeFormatW, GetDateFormatW, lstrcmpA, GetTempFileNameW, CompareFileTime, MoveFileW, RemoveDirectoryW, GetSystemDirectoryW, GetWindowsDirectoryW, GetSystemWindowsDirectoryW, GetFileAttributesExW, CreateFileA, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, LoadLibraryW, CreateSemaphoreW, InterlockedExchange, ResumeThread, OutputDebugStringW, CreateThread, WaitForMultipleObjects, ExitThread, TerminateThread, WritePrivateProfileStringW, InterlockedCompareExchange, FormatMessageW, WaitForSingleObject, InterlockedIncrement, GetLocalTime, SetEvent, ResetEvent, GlobalDeleteAtom, GlobalAddAtomW, FindFirstFileW, FindNextFileW, FindClose, CreateEventW, Sleep, GetFileTime, FileTimeToSystemTime, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, lstrcmpiW, EnterCriticalSection, LeaveCriticalSection, GetLastError, SetLastError, lstrlenW, FlushInstructionCache, GetCurrentProcess, lstrcmpW, MulDiv, GetModuleFileNameW, GlobalUnlock, GlobalLock, GlobalAlloc, RaiseException, GetCurrentThreadId, MultiByteToWideChar, InterlockedDecrement, DeleteCriticalSection, lstrlenA, InitializeCriticalSection, CreateDirectoryA, GetFileAttributesA, FileTimeToDosDateTime, FileTimeToLocalFileTime, GetTempFileNameA, GetTempPathA, SetFileAttributesA, WideCharToMultiByte, GetShortPathNameW, GlobalMemoryStatus, CloseHandle, CreateFileW, lstrcpynW, GetPrivateProfileStringW, GlobalFree, GlobalHandle, WriteFile, SetFilePointer, SetEndOfFile, lstrcpynA, DeleteFileW, SetFileAttributesW, GetFileAttributesW, CreateDirectoryW, GetComputerNameW, LocalFree, LocalAlloc, CopyFileW, GetProcAddress, GetModuleHandleW, GetPrivateProfileIntW, GetTempPathW, GetVersionExW, GetSystemInfo, ReadFile, GetFileSize, GetTickCount, FreeLibrary, LoadLibraryA, DllMain
msimg32.dll
AlphaBlend, GradientFill
msvcp80.dll
DllMain
msvcr80.dll
DllMain
ole32.dll
CoTaskMemAlloc, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoTaskMemFree, StringFromCLSID, CoReleaseMarshalData, CoMarshalInterface, CoUnmarshalInterface, CoUninitialize, CoTaskMemRealloc, CoRevokeClassObject, CoRegisterClassObject, OleRun, DoDragDrop, ReleaseStgMedium, CoGetMalloc, RegisterDragDrop, RevokeDragDrop, CoSetProxyBlanket, CoInitializeSecurity, OleGetClipboard, CLSIDFromString, CLSIDFromProgID, CoGetClassObject, CoCreateGuid, OleLockRunning, StringFromGUID2, CoInitialize, OleCreateStaticFromData, OleDuplicateData, OleSetContainedObject, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, PropVariantClear
pcre.dll
pcre_compile, pcre_exec, pcre_free
rmc_audio.dll
rmc_audio_release_pin, rmc_audio_release, rmc_audio_create, rmc_audio_pin_start, rmc_audio_register_callback, rmc_audio_create_local_play_pin, rmc_audio_stop, rmc_audio_pin_stop, rmc_audio_start, rmc_audio_create_rendering_pin, rmc_audio_unregister_callback
secur32.dll
GetUserNameExW
setupapi.dll
SetupDiGetDeviceRegistryPropertyW, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiDestroyDeviceInfoList
shell32.dll
ShellExecuteW, ShellExecuteExW, SHGetFolderPathW, SHGetFileInfoW, DragQueryFileW, DragAcceptFiles, SHFileOperationW, SHAppBarMessage, Shell_NotifyIconW, SHGetMalloc, SHBrowseForFolderW, SHGetPathFromIDListW, SHCreateDirectoryExW
shlwapi.dll
PathStripPathW, UrlCreateFromPathW, PathFileExistsW, StrCmpNW, PathRemoveExtensionW, StrToIntW, PathIsURLW, PathFindExtensionW, PathCanonicalizeW, PathAppendW, PathIsRelativeW, UrlIsW, SHDeleteKeyW, PathFindFileNameW, wnsprintfW, PathCombineW, StrCpyNW, UrlEscapeW, StrCmpNIW, StrCmpNA, StrStrIW, PathIsDirectoryW, StrCpyW, SHCreateStreamOnFileW, SHStrDupW, PathFileExistsA, PathAddBackslashW, PathRemoveFileSpecW
urlmon.dll
CreateURLMonikerEx
user32.dll
DllMain
version.dll
VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
wininet.dll
InternetSetOptionW, InternetGetCookieW, InternetCloseHandle, InternetCrackUrlW, HttpSendRequestW, HttpOpenRequestW, InternetConnectW, InternetOpenW, InternetGetConnectedStateExW, InternetSetCookieW, HttpQueryInfoW, InternetSetCookieExW, InternetGetCookieExW, HttpOpenRequestA, InternetConnectA, HttpSendRequestExA, InternetWriteFile, HttpEndRequestA, InternetSetOptionA, HttpQueryInfoA, InternetReadFileExA, InternetSetStatusCallbackA, InternetOpenA, InternetReadFile, InternetQueryOptionW, InternetGetCookieA, InternetGetCookieExA, HttpEndRequestW, InternetQueryOptionA, HttpAddRequestHeadersA
winmm.dll
PlaySoundW, timeGetTime
wintrust.dll
WinVerifyTrust
ws2_32.dll
getaddrinfo, freeaddrinfo
wtsapi32.dll
WTSRegisterSessionNotification, WTSUnRegisterSessionNotification
xmllite.dll
CreateXmlWriter, CreateXmlReader
ylog.dll
ylog_debug, ylog_warning, ylog_error
ymdm_audio.dll
ymdm_audio_device_release, ymdm_audio_device_get_info, ymdm_audio_device_count_devices, ymdm_audio_device_create, ymdm_audio_device_display_name
ymdm_video.dll
ymdm_video_capt_device_count, ymdm_video_capt_device_get_info, ymdm_video_capt_device_create, ymdm_video_capt_device_release

YahooMessenger.exe

Yahoo! Messenger by Yahoo! Inc. (Signed)

Remove YahooMessenger.exe
Version:   11,0,0,2014
MD5:   1ca2943dc17355330ba5b3efc6ca4537
SHA1:   670057d5f8c22a604edf77015d4b16b4a919255b
SHA256:   780f40541c2ded9ec1458f1a809b506c696c5702e547eacb686a95fc28201824

What is YahooMessenger.exe?

Yahoo! Messenger (YIM) is an ad-supported instant messaging client and protocol by Yahoo!. Yahoo! Messenger is provided free of charge and can be downloaded and used with a generic "Yahoo! ID" which also allows access to other Yahoo! services, such as Yahoo! Mail, where users can be automatically notified when they receive new email.

About YahooMessenger.exe (from Yahoo! Inc.)

Just sign into Yahoo! Mail to enjoy the same Yahoo! Messenger for the Web service you know and love. Yahoo! Messenger within Yahoo! Mail also allows you to chat with your Facebook and Windows Live fri

DetailsDetails

File name:YahooMessenger.exe
Publisher:Yahoo! Inc.
Product name:Yahoo! Messenger
Typical file path:C:\Program Files\Yahoo!\messenger\yahoomessenger.exe
File version:11,0,0,2014
Size:5.99 MB (6,276,408 bytes)
Certificate
Issued to:Yahoo! Inc.
Authority (CA):VeriSign
Effective date:Wednesday, August 12, 2009
Expiration date:Sunday, September 2, 2012
Digital DNA
PE subsystem:Windows GUI
Entropy:6.472139
File packed:No
Code language:Microsoft Visual C++ 8.0
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
Yahoo! Inc.
7% remove
Yahoo! Messenger (YIM) is an ad-supported instant messaging client and protocol by Yahoo!. Yahoo! Messenger is provided free of charge and can be downloaded and used with a generic "Yahoo! ID" which also allows access to other Yahoo! services, such as Yahoo! Mail, where users can be automatically notified when they receive new email.
Yahoo! Inc.
3% remove
Just sign into Yahoo! Mail to enjoy the same Yahoo! Messenger for the Web service you know and love. Yahoo! Messenger within Yahoo! Mail also allows you to chat with your Facebook and Windows Live friends without requiring any installation. Send text messages in real-time to your friends on Yahoo! 7 or Windows Live™ Messenger. Share photos from your desktop or Flickr, then discuss them over IM while you and a friend view them together....
Yahoo! Inc.
21% remove
AT&T Yahoo! Messenger is an AT&T branded version of Y! Messenger.
Yahoo! Inc.
10% remove
Access your Rogers Yahoo! Internet favourites and search from anywhere on the web. The built in Pop-Up Blocker can also help keep annoying pop-up advertisements and messages from appearing while you surf the web. Customize and access your toolbar from any PC. Connect in real-time with friends by sending instant messages and sharing files. Plus IM with friends that use Windows Live™ Messenger! Protect against accidental deletion, hardwa...
Yahoo! Inc.
20% remove
Yahoo Install Manager manages Yahoo program downloads and installations. The install manager keeps track of such programs and assists in the installations to put things in their proper places.

BehaviorsBehaviors

Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'Yahoo! Pager' → "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
  • 'Messenger (Yahoo!)' → "C:\Program Files1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe'
  • Firewall exception for 'C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe'
  • Firewall exception for 'C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe'
Scheduled tasks
  • The task '{FF8FDDAA-FA1C-4738-BB7B-E5395E714A5C}' runs on registration in the path '\{FF8FDDAA-FA1C-4738-BB7B-E5395E714A5C}'
  • The job '{FEE0E7C4-2471-421A-B7F2-B7FCDE86041F}' runs on registration in the path '\{FEE0E7C4-2471-421A-B7F2-B7FCDE86041F}'
  • The task '{FE9DD168-2242-4692-9518-F849B006B42E}' runs on registration in the path '\{FE9DD168-2242-4692-9518-F849B006B42E}'
  • The job '{FE1C49CC-7C9E-41AB-8701-EB745F8F8B56}' runs on registration in the path '\{FE1C49CC-7C9E-41AB-8701-EB745F8F8B56}'
  • The task '{FB9D3C00-9DBC-4D9A-81CF-524478AD3C0E}' runs on registration in the path '\{FB9D3C00-9DBC-4D9A-81CF-524478AD3C0E}'
  • The task '{FA79B2F5-7E02-4809-8B35-37242B09F0D8}' runs on registration in the path '\{FA79B2F5-7E02-4809-8B35-37242B09F0D8}'
  • The job '{F83786B3-255D-426C-8E5F-168388CB160D}' runs on registration in the path '\{F83786B3-255D-426C-8E5F-168388CB160D}'
  • The task '{F029C03D-44A7-4F3C-816A-B58D7D9F118B}' runs on registration in the path '\{F029C03D-44A7-4F3C-816A-B58D7D9F118B}'
  • The job '{E8178761-9854-4275-9D41-EDE6CF69B80D}' runs on registration in the path '\{E8178761-9854-4275-9D41-EDE6CF69B80D}'
  • The job '{DD6C57E2-0A17-411F-A257-F27B425B1E2F}' runs on registration in the path '\{DD6C57E2-0A17-411F-A257-F27B425B1E2F}'
  • The task '{DCD0C27A-7B98-4496-8BB0-54774348BE49}' runs on registration in the path '\{DCD0C27A-7B98-4496-8BB0-54774348BE49}'
  • The job '{D4A77F9F-4019-4429-9E31-6B4663884D3E}' runs on registration in the path '\{D4A77F9F-4019-4429-9E31-6B4663884D3E}'
  • The job '{D14D6992-E2DB-4701-8A81-95FA01C505D3}' runs on registration in the path '\{D14D6992-E2DB-4701-8A81-95FA01C505D3}'
  • The task '{CE655DCC-E3B1-4DEA-BC23-E1FA4814A5F3}' runs on registration in the path '\{CE655DCC-E3B1-4DEA-BC23-E1FA4814A5F3}'
  • The task '{CA6ABFEE-82B1-48B9-8C64-2AB8BF2FF498}' runs on registration in the path '\{CA6ABFEE-82B1-48B9-8C64-2AB8BF2FF498}'
  • The job '{C6969615-5B0C-4F8D-84F3-AD11330140E6}' runs on registration in the path '\{C6969615-5B0C-4F8D-84F3-AD11330140E6}'
  • The task '{BE61EF52-4612-49A3-9671-C4AF05E53DC7}' runs on registration in the path '\{BE61EF52-4612-49A3-9671-C4AF05E53DC7}'
  • The job '{AD0A62EE-2740-442F-9BC9-FFBA94D282D0}' runs on registration in the path '\{AD0A62EE-2740-442F-9BC9-FFBA94D282D0}'
  • The task '{A8F88BC7-0E3B-4FA2-84E9-E9989331C21B}' runs on registration in the path '\{A8F88BC7-0E3B-4FA2-84E9-E9989331C21B}'
  • The job '{A471C0C4-3177-417F-8A98-F9F376A9B149}' runs on registration in the path '\{A471C0C4-3177-417F-8A98-F9F376A9B149}'
  • The task '{A34D260B-18EE-403F-B589-12DA6124FAB7}' runs on registration in the path '\{A34D260B-18EE-403F-B589-12DA6124FAB7}'
  • The task '{9CB61C15-ACD2-4FF6-9262-DDE56B2EF936}' runs on registration in the path '\{9CB61C15-ACD2-4FF6-9262-DDE56B2EF936}'
Network connections
Access through an approved Windows firewall exception
  • [TCP] sip112-p3.voice.ne1.yahoo.com (98.138.26.107:443)
  • [UDP] listens on port 1071
  • [UDP] listens on port 50048

  • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.04297547%
    0.028634%
    Kernel CPU:0.02826466%
    0.013761%
    User CPU:0.01471081%
    0.014873%
    Kernel CPU time:2,342 ms/min
    100,923,805ms/min
    User CPU time:9 ms/min
    0 ms/min
    CPU cycles:9,979,670/sec
    17,470,203/sec
    Context switches:37/sec
    284/sec
    Memory
    Private memory:41 MB
    21.59 MB
    Private (maximum):30.27 MB
    Private (minimum):5.45 MB
    Non-paged memory:41 MB
    21.59 MB
    Virtual memory:176.26 MB
    140.96 MB
    Virtual memory (peak):197.84 MB
    169.69 MB
    Working set:23.05 MB
    18.61 MB
    Working set (peak):69.15 MB
    37.95 MB
    Page faults:48,353/min
    2,039/min
    I/O
    I/O read transfer:40.5 KB/sec
    1.02 MB/min
    I/O read operations:12/sec
    343/min
    I/O write transfer:1.44 KB/sec
    274.99 KB/min
    I/O write operations:4/sec
    227/min
    I/O other transfer:3.05 KB/sec
    448.09 KB/min
    I/O other operations:142/sec
    1,671/min
    Resource allocations
    Threads:14
    12
    Handles:516
    600
    GUI GDI count:215
    103
    GUI GDI peak:246
    142
    GUI USER count:104
    49
    GUI USER peak:161
    71

    BehaviorsProcess properties

    Integrety level:Undefined
    Platform:32-bit
    Command lines:
    • "C:\Program Files\yahoo!\messenger\yahoomessenger.exe" /cookieproxy
    • "C:\Program Files\yahoo!\messenger\yahoomessenger.exe"
    • "C:\Program Files\yahoo!\messenger\yahoomessenger.exe" -quiet
    • "C:\progra~1\yahoo!\messenger\yahoomessenger.exe" -quiet
    Owner:User
    Parent processes:

    ResourcesThreads

    Averages
     
    YahooMessenger.exe (main module)
    Total CPU:0.00926154%
    0.272967%
    Kernel CPU:0.00532710%
    0.107585%
    User CPU:0.00393444%
    0.165382%
    CPU cycles:3,505,391/sec
    5,741,424/sec
    Context switches:31/sec
    79/sec
    Memory:6.09 MB
    1.16 MB
    MSVCR80.dll
    Total CPU:0.00203954%
    Kernel CPU:0.00113367%
    User CPU:0.00090587%
    CPU cycles:80,659/sec
    Memory:620 KB
    msvcrt.dll (Windows NT CRT DLL by Microsoft)
    Total CPU:0.00084686%
    Kernel CPU:0.00007939%
    User CPU:0.00076746%
    CPU cycles:29,808/sec
    Memory:688 KB
    ntdll.dll
    Total CPU:0.00078482%
    Kernel CPU:0.00034336%
    User CPU:0.00044146%
    Memory:712 KB
    ymsdk.dll (by Yahoo!)
    Total CPU:0.00019632%
    Kernel CPU:0.00009816%
    User CPU:0.00009816%
    Memory:3.89 MB
    flash32_11_5_502_149.ocx (Shockwave Flash by Adobe Systems)
    Total CPU:0.00015857%
    Kernel CPU:0.00010571%
    User CPU:0.00005286%
    CPU cycles:173,999/sec
    Context switches:4/sec
    Memory:14.77 MB
    WININET.dll
    Total CPU:0.00010572%
    Kernel CPU:0.00005286%
    User CPU:0.00005286%
    CPU cycles:29,948/sec
    Memory:1.11 MB
    flash11e.ocx (Shockwave Flash by Adobe Systems)
    Total CPU:0.00007357%
    Kernel CPU:0.00002452%
    User CPU:0.00004905%
    Context switches:6/sec
    Memory:9.15 MB
    WINMM.dll
    Total CPU:0.00005290%
    Kernel CPU:0.00000000%
    User CPU:0.00005290%
    CPU cycles:831/sec
    Memory:200 KB
    quartz.dll
    Total CPU:0.00004908%
    Kernel CPU:0.00000000%
    User CPU:0.00004908%
    Memory:1.43 MB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 54.00%
    Microsoft Windows XP 17.50%
    Windows 7 Ultimate 13.00%
    Windows 8 Pro 4.00%
    Windows 8 2.00%
    Windows 8 Pro with Media Center 1.50%
    Windows 7 Professional 1.50%
    Windows Seven Black Edition 1.50%
    Windows 8 Single Language 1.50%
    Windows 7 Home Basic 1.50%
    Windows Vista Home Premium 1.50%
    Windows 8.1 Single Language Preview 0.50%

    Distribution by countryDistribution by country

    United States installs about 59.49% of Yahoo! Messenger.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Toshiba 59.81%
    Dell 15.58%
    ASUS 6.23%
    Hewlett-Packard 4.67%
    Acer 4.67%
    American Megatrends 4.05%
    GIGABYTE 2.18%
    Compaq 0.62%
    Lenovo 0.62%
    Intel 0.62%
    Sony 0.62%
    Sahara 0.31%
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE