Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

11,5,0,0228 76.67%
11,5,0,0192 6.20%
11,5,0,0155 1.99%
11,5,0,0152 2.98%
11,0,0,2014 4.96%
11,0,0,2009 1.49%
10,0,0,1270 3.97%
10,0,0,1258 0.25%
10,0,0,1102 0.25%
10,0,0,542 0.50%
10,0,0,331 0.50%
9,0,0,2162 0.25%

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegEnumKeyExW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, ReportEventA, DeregisterEventSource, RegQueryInfoKeyW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyW, RegisterEventSourceA, SetSecurityDescriptorDacl, InitializeSecurityDescriptor
comctl32.dll
ImageList_GetIconSize, ImageList_Draw, CreateToolbarEx, ImageList_AddMasked, CreateStatusWindowW, ImageList_BeginDrag, ImageList_EndDrag, ImageList_DragMove, ImageList_DragEnter, _TrackMouseEvent, ImageList_GetImageCount, InitCommonControlsEx, ImageList_Create, ImageList_Add, ImageList_Destroy, ImageList_ReplaceIcon, ImageList_DragLeave
comdlg32.dll
GetSaveFileNameW, PrintDlgW, ChooseColorW, GetOpenFileNameW, ChooseFontW
connectionwizard.dll
cwCleanup, cwTestStop, cwVipTestStart, cwLoginServerTestStart, cwStopLogging, cwStartLogging, cwInitialize, cwCsTestStart
crypt32.dll
CertCloseStore, CertFreeCertificateContext, CertGetNameStringW, CertGetEnhancedKeyUsage, CertFindCertificateInStore, CryptMsgGetParam, CryptMsgClose, CryptQueryObject, CryptUnprotectData, CryptProtectData
gdi32.dll
SaveDC, RestoreDC, CreateBitmap, PatBlt, SetBkColor, MoveToEx, LineTo, CreatePen, SetTextColor, GetStockObject, GetObjectW, CreateSolidBrush, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, DeleteDC, GetDeviceCaps, DeleteObject, FrameRgn, CreatePolygonRgn, CreateRoundRectRgn, EnumFontFamiliesExW, SelectClipRgn, RoundRect, SetROP2, LPtoDP, GetTextExtentPoint32W, GetTextFaceW, GetTextMetricsW, CreateFontIndirectW, SetBkMode, ExtTextOutW, TextOutW, GetBkColor, GetBkMode, Rectangle, FillRgn, CombineRgn, CreateRectRgn, CreatePatternBrush, StretchBlt, CreateFontW, EndDoc, EndPage, StartPage, StartDocW, GetTextExtentPointW, SetStretchBltMode, CreateDIBSection, CreateDCW, GetPixel, GetTextExtentExPointW
gdiplus.dll
GdiplusShutdown, GdiplusStartup
imm32.dll
ImmReleaseContext, ImmGetContext, ImmAssociateContext, ImmGetCompositionStringW
iphlpapi.dll
GetAdaptersInfo
kernel32.dll
GetLocaleInfoA, VirtualAlloc, GetThreadLocale, IsProcessorFeaturePresent, GetProcessHeap, GetStartupInfoW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, LoadLibraryExW, IsDebuggerPresent, QueryPerformanceCounter, FlushConsoleInputBuffer, GetStdHandle, GetFileType, GetVersion, InitializeCriticalSectionAndSpinCount, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, HeapCreate, WritePrivateProfileStringA, Beep, CreateMutexW, ReleaseMutex, GetCurrentProcessId, WritePrivateProfileSectionW, GetSystemTimeAsFileTime, GetPrivateProfileStringA, GetSystemTime, GetCPInfoExW, GetACP, GetVersionExA, SetErrorMode, CreateProcessW, GetExitCodeProcess, TerminateProcess, lstrcpyW, GetTimeFormatW, GetDateFormatW, lstrcmpA, GetTempFileNameW, CompareFileTime, MoveFileW, RemoveDirectoryW, GetSystemDirectoryW, GetWindowsDirectoryW, GetSystemWindowsDirectoryW, GetFileAttributesExW, CreateFileA, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, LoadLibraryW, CreateSemaphoreW, InterlockedExchange, ResumeThread, OutputDebugStringW, CreateThread, WaitForMultipleObjects, ExitThread, TerminateThread, WritePrivateProfileStringW, InterlockedCompareExchange, FormatMessageW, WaitForSingleObject, InterlockedIncrement, GetLocalTime, SetEvent, ResetEvent, GlobalDeleteAtom, GlobalAddAtomW, FindFirstFileW, FindNextFileW, FindClose, CreateEventW, Sleep, GetFileTime, FileTimeToSystemTime, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, lstrcmpiW, EnterCriticalSection, LeaveCriticalSection, GetLastError, SetLastError, lstrlenW, FlushInstructionCache, GetCurrentProcess, lstrcmpW, MulDiv, GetModuleFileNameW, GlobalUnlock, GlobalLock, GlobalAlloc, RaiseException, GetCurrentThreadId, MultiByteToWideChar, InterlockedDecrement, DeleteCriticalSection, lstrlenA, InitializeCriticalSection, CreateDirectoryA, GetFileAttributesA, FileTimeToDosDateTime, FileTimeToLocalFileTime, GetTempFileNameA, GetTempPathA, SetFileAttributesA, WideCharToMultiByte, GetShortPathNameW, GlobalMemoryStatus, CloseHandle, CreateFileW, lstrcpynW, GetPrivateProfileStringW, GlobalFree, GlobalHandle, WriteFile, SetFilePointer, SetEndOfFile, lstrcpynA, DeleteFileW, SetFileAttributesW, GetFileAttributesW, CreateDirectoryW, GetComputerNameW, LocalFree, LocalAlloc, CopyFileW, GetProcAddress, GetModuleHandleW, GetPrivateProfileIntW, GetTempPathW, GetVersionExW, GetSystemInfo, ReadFile, GetFileSize, GetTickCount, FreeLibrary, LoadLibraryA, DllMain
msimg32.dll
AlphaBlend, GradientFill
msvcp80.dll
DllMain
msvcr80.dll
DllMain
ole32.dll
CoTaskMemAlloc, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoTaskMemFree, StringFromCLSID, CoReleaseMarshalData, CoMarshalInterface, CoUnmarshalInterface, CoUninitialize, CoTaskMemRealloc, CoRevokeClassObject, CoRegisterClassObject, OleRun, DoDragDrop, ReleaseStgMedium, CoGetMalloc, RegisterDragDrop, RevokeDragDrop, CoSetProxyBlanket, CoInitializeSecurity, OleGetClipboard, CLSIDFromString, CLSIDFromProgID, CoGetClassObject, CoCreateGuid, OleLockRunning, StringFromGUID2, CoInitialize, OleCreateStaticFromData, OleDuplicateData, OleSetContainedObject, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, PropVariantClear
pcre.dll
pcre_compile, pcre_exec, pcre_free
rmc_audio.dll
rmc_audio_release_pin, rmc_audio_release, rmc_audio_create, rmc_audio_pin_start, rmc_audio_register_callback, rmc_audio_create_local_play_pin, rmc_audio_stop, rmc_audio_pin_stop, rmc_audio_start, rmc_audio_create_rendering_pin, rmc_audio_unregister_callback
secur32.dll
GetUserNameExW
setupapi.dll
SetupDiGetDeviceRegistryPropertyW, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiDestroyDeviceInfoList
shell32.dll
ShellExecuteW, ShellExecuteExW, SHGetFolderPathW, SHGetFileInfoW, DragQueryFileW, DragAcceptFiles, SHFileOperationW, SHAppBarMessage, Shell_NotifyIconW, SHGetMalloc, SHBrowseForFolderW, SHGetPathFromIDListW, SHCreateDirectoryExW
shlwapi.dll
PathStripPathW, UrlCreateFromPathW, PathFileExistsW, StrCmpNW, PathRemoveExtensionW, StrToIntW, PathIsURLW, PathFindExtensionW, PathCanonicalizeW, PathAppendW, PathIsRelativeW, UrlIsW, SHDeleteKeyW, PathFindFileNameW, wnsprintfW, PathCombineW, StrCpyNW, UrlEscapeW, StrCmpNIW, StrCmpNA, StrStrIW, PathIsDirectoryW, StrCpyW, SHCreateStreamOnFileW, SHStrDupW, PathFileExistsA, PathAddBackslashW, PathRemoveFileSpecW
urlmon.dll
CreateURLMonikerEx
user32.dll
DllMain
version.dll
VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
wininet.dll
InternetSetOptionW, InternetGetCookieW, InternetCloseHandle, InternetCrackUrlW, HttpSendRequestW, HttpOpenRequestW, InternetConnectW, InternetOpenW, InternetGetConnectedStateExW, InternetSetCookieW, HttpQueryInfoW, InternetSetCookieExW, InternetGetCookieExW, HttpOpenRequestA, InternetConnectA, HttpSendRequestExA, InternetWriteFile, HttpEndRequestA, InternetSetOptionA, HttpQueryInfoA, InternetReadFileExA, InternetSetStatusCallbackA, InternetOpenA, InternetReadFile, InternetQueryOptionW, InternetGetCookieA, InternetGetCookieExA, HttpEndRequestW, InternetQueryOptionA, HttpAddRequestHeadersA
winmm.dll
PlaySoundW, timeGetTime
wintrust.dll
WinVerifyTrust
ws2_32.dll
getaddrinfo, freeaddrinfo
wtsapi32.dll
WTSRegisterSessionNotification, WTSUnRegisterSessionNotification
xmllite.dll
CreateXmlWriter, CreateXmlReader
ylog.dll
ylog_debug, ylog_warning, ylog_error
ymdm_audio.dll
ymdm_audio_device_release, ymdm_audio_device_get_info, ymdm_audio_device_count_devices, ymdm_audio_device_create, ymdm_audio_device_display_name
ymdm_video.dll
ymdm_video_capt_device_count, ymdm_video_capt_device_get_info, ymdm_video_capt_device_create, ymdm_video_capt_device_release

YahooMessenger.exe

Yahoo! Messenger by Yahoo! Inc. (Signed)

Remove YahooMessenger.exe
Version:   11,5,0,0155
MD5:   46661d154e19d0afb3b9155ca040776c
SHA1:   5d46d5964ed54f3aa237d3dbac0357ddbe0b46bf
SHA256:   c290d791080189841de65a0c19ed75dff4a4ddf25b921c96bb69253c6757f3a0

What is YahooMessenger.exe?

Yahoo! Messenger (YIM) is an ad-supported instant messaging client and protocol by Yahoo!. Yahoo! Messenger is provided free of charge and can be downloaded and used with a generic "Yahoo! ID" which also allows access to other Yahoo! services, such as Yahoo! Mail, where users can be automatically notified when they receive new email.

About YahooMessenger.exe (from Yahoo! Inc.)

Just sign into Yahoo! Mail to enjoy the same Yahoo! Messenger for the Web service you know and love. Yahoo! Messenger within Yahoo! Mail also allows you to chat with your Facebook and Windows Live fri

DetailsDetails

File name:YahooMessenger.exe
Publisher:Yahoo! Inc.
Product name:Yahoo! Messenger
Typical file path:C:\Program Files\Yahoo!\messenger\yahoomessenger.exe
File version:11,5,0,0155
Size:6.2 MB (6,497,592 bytes)
Certificate
Issued to:Yahoo! Inc.
Authority (CA):VeriSign
Effective date:Wednesday, August 12, 2009
Expiration date:Sunday, September 2, 2012
Digital DNA
PE subsystem:Windows GUI
Entropy:6.472139
File packed:No
Code language:Microsoft Visual C++ 8.0
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
Yahoo! Messenger
 Yahoo! Inc.
7% remove
Yahoo! Messenger (YIM) is an ad-supported instant messaging client and protocol by Yahoo!. Yahoo! Messenger is provided free of charge and can be downloaded and used with a generic "Yahoo! ID" which also allows access to other Yahoo! services, such as Yahoo! Mail, where users can be automatically notified when they receive new email.
AT&T Yahoo! Messenger
 Yahoo! Inc.
21% remove
AT&T Yahoo! Messenger is an AT&T branded version of Y! Messenger.
Yahoo!7 Messenger
 Yahoo! Inc.
3% remove
Just sign into Yahoo! Mail to enjoy the same Yahoo! Messenger for the Web service you know and love. Yahoo! Messenger within Yahoo! Mail also allows you to chat with your Facebook and Windows Live friends without requiring any installation. Send text messages in real-time to your friends on Yahoo! 7 or Windows Live™ Messenger. Share photos from your desktop or Flickr, then discuss them over IM while you and a friend view them together....
Yahoo! Install Manager
 Yahoo! Inc.
20% remove
Yahoo Install Manager manages Yahoo program downloads and installations. The install manager keeps track of such programs and assists in the installations to put things in their proper places.

BehaviorsBehaviors

Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'Yahoo! Pager' → "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
  • 'Messenger (Yahoo!)' → "C:\Program Files1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe'
  • Firewall exception for 'C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe'
  • Firewall exception for 'C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe'
Scheduled tasks
  • The task '{FF8FDDAA-FA1C-4738-BB7B-E5395E714A5C}' runs on registration in the path '\{FF8FDDAA-FA1C-4738-BB7B-E5395E714A5C}'
  • The job '{FEE0E7C4-2471-421A-B7F2-B7FCDE86041F}' runs on registration in the path '\{FEE0E7C4-2471-421A-B7F2-B7FCDE86041F}'
  • The task '{FE9DD168-2242-4692-9518-F849B006B42E}' runs on registration in the path '\{FE9DD168-2242-4692-9518-F849B006B42E}'
  • The job '{FE1C49CC-7C9E-41AB-8701-EB745F8F8B56}' runs on registration in the path '\{FE1C49CC-7C9E-41AB-8701-EB745F8F8B56}'
  • The task '{FB9D3C00-9DBC-4D9A-81CF-524478AD3C0E}' runs on registration in the path '\{FB9D3C00-9DBC-4D9A-81CF-524478AD3C0E}'
  • The task '{FA79B2F5-7E02-4809-8B35-37242B09F0D8}' runs on registration in the path '\{FA79B2F5-7E02-4809-8B35-37242B09F0D8}'
  • The job '{F83786B3-255D-426C-8E5F-168388CB160D}' runs on registration in the path '\{F83786B3-255D-426C-8E5F-168388CB160D}'
  • The task '{F029C03D-44A7-4F3C-816A-B58D7D9F118B}' runs on registration in the path '\{F029C03D-44A7-4F3C-816A-B58D7D9F118B}'
  • The job '{E8178761-9854-4275-9D41-EDE6CF69B80D}' runs on registration in the path '\{E8178761-9854-4275-9D41-EDE6CF69B80D}'
  • The job '{DD6C57E2-0A17-411F-A257-F27B425B1E2F}' runs on registration in the path '\{DD6C57E2-0A17-411F-A257-F27B425B1E2F}'
  • The task '{DCD0C27A-7B98-4496-8BB0-54774348BE49}' runs on registration in the path '\{DCD0C27A-7B98-4496-8BB0-54774348BE49}'
  • The job '{D4A77F9F-4019-4429-9E31-6B4663884D3E}' runs on registration in the path '\{D4A77F9F-4019-4429-9E31-6B4663884D3E}'
  • The job '{D14D6992-E2DB-4701-8A81-95FA01C505D3}' runs on registration in the path '\{D14D6992-E2DB-4701-8A81-95FA01C505D3}'
  • The task '{CE655DCC-E3B1-4DEA-BC23-E1FA4814A5F3}' runs on registration in the path '\{CE655DCC-E3B1-4DEA-BC23-E1FA4814A5F3}'
  • The task '{CA6ABFEE-82B1-48B9-8C64-2AB8BF2FF498}' runs on registration in the path '\{CA6ABFEE-82B1-48B9-8C64-2AB8BF2FF498}'
  • The job '{C6969615-5B0C-4F8D-84F3-AD11330140E6}' runs on registration in the path '\{C6969615-5B0C-4F8D-84F3-AD11330140E6}'
  • The task '{BE61EF52-4612-49A3-9671-C4AF05E53DC7}' runs on registration in the path '\{BE61EF52-4612-49A3-9671-C4AF05E53DC7}'
  • The job '{AD0A62EE-2740-442F-9BC9-FFBA94D282D0}' runs on registration in the path '\{AD0A62EE-2740-442F-9BC9-FFBA94D282D0}'
  • The task '{A8F88BC7-0E3B-4FA2-84E9-E9989331C21B}' runs on registration in the path '\{A8F88BC7-0E3B-4FA2-84E9-E9989331C21B}'
  • The job '{A471C0C4-3177-417F-8A98-F9F376A9B149}' runs on registration in the path '\{A471C0C4-3177-417F-8A98-F9F376A9B149}'
  • The task '{A34D260B-18EE-403F-B589-12DA6124FAB7}' runs on registration in the path '\{A34D260B-18EE-403F-B589-12DA6124FAB7}'
  • The task '{9CB61C15-ACD2-4FF6-9262-DDE56B2EF936}' runs on registration in the path '\{9CB61C15-ACD2-4FF6-9262-DDE56B2EF936}'
Network connections
Access through an approved Windows firewall exception
  • [TCP] sip105-p3.voice.ne1.yahoo.com (98.138.26.79:443)
  • [UDP] listens on port 56971
  • [UDP] listens on port 61085

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00044482%
    0.028634%
    Kernel CPU:0.00030545%
    0.013761%
    User CPU:0.00013937%
    0.014873%
    Kernel CPU time:6,170 ms/min
    100,923,805ms/min
    CPU cycles:3,796,238/sec
    17,470,203/sec
    Context switches:46/sec
    284/sec
    Memory
    Private memory:97.36 MB
    21.59 MB
    Private (maximum):17.2 MB
    Private (minimum):790 KB
    Non-paged memory:97.36 MB
    21.59 MB
    Virtual memory:304.67 MB
    140.96 MB
    Virtual memory (peak):329.05 MB
    169.69 MB
    Working set:3.1 MB
    18.61 MB
    Working set (peak):77.63 MB
    37.95 MB
    Page faults:5,772,409/min
    2,039/min
    I/O
    I/O read transfer:3.82 KB/sec
    1.02 MB/min
    I/O read operations:6/sec
    343/min
    I/O write transfer:1.53 KB/sec
    274.99 KB/min
    I/O write operations:2/sec
    227/min
    I/O other transfer:1.21 KB/sec
    448.09 KB/min
    I/O other operations:87/sec
    1,671/min
    Resource allocations
    Threads:37
    12
    Handles:764
    600
    GUI GDI count:1289
    103
    GUI GDI peak:1310
    142
    GUI USER count:144
    49
    GUI USER peak:177
    71

    BehaviorsProcess properties

    Integrety level:Medium
    Platform:64-bit
    Command lines:
    • "C:\Program Files\yahoo!\messenger\yahoomessenger.exe" /cookieproxy
    • "C:\Program Files\yahoo!\messenger\yahoomessenger.exe" -quiet
    Owner:User
    Parent processes:

    ResourcesThreads

    Averages
     
    ntdll.dll
    Total CPU:0.00155377%
    0.272967%
    Kernel CPU:0.00090501%
    0.107585%
    User CPU:0.00064876%
    0.165382%
    CPU cycles:313,467/sec
    5,741,424/sec
    Context switches:7/sec
    79/sec
    Memory:1.66 MB
    1.16 MB
    YahooMessenger.exe (main module)
    Total CPU:0.00132453%
    Kernel CPU:0.00051055%
    User CPU:0.00081398%
    CPU cycles:543,231/sec
    Context switches:4/sec
    Memory:6.3 MB
    wow64.dll
    Total CPU:0.00015612%
    Kernel CPU:0.00006316%
    User CPU:0.00009296%
    CPU cycles:39,002/sec
    Memory:252 KB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 54.00%
    Microsoft Windows XP 17.50%
    Windows 7 Ultimate 13.00%
    Windows 8 Pro 4.00%
    Windows 8 2.00%
    Windows 8 Pro with Media Center 1.50%
    Windows 7 Professional 1.50%
    Windows Seven Black Edition 1.50%
    Windows 8 Single Language 1.50%
    Windows 7 Home Basic 1.50%
    Windows Vista Home Premium 1.50%
    Windows 8.1 Single Language Preview 0.50%

    Distribution by countryDistribution by country

    United States installs about 59.49% of Yahoo! Messenger.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Toshiba 59.81%
    Dell 15.58%
    ASUS 6.23%
    Hewlett-Packard 4.67%
    Acer 4.67%
    American Megatrends 4.05%
    GIGABYTE 2.18%
    Compaq 0.62%
    Lenovo 0.62%
    Intel 0.62%
    Sony 0.62%
    Sahara 0.31%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE