Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.14.10.4265 0.80%
6.14.10.4265 3.20%
6.14.10.4265 0.80%
6.14.10.4257 0.80%
6.14.10.4252 0.80%
6.14.10.4252 0.80%
6.14.10.4251 0.80%
6.14.10.4250 0.80%
6.14.10.4241 0.80%
6.14.10.4240 0.80%
6.14.10.4236 0.80%
6.14.10.4235 0.80%
6.14.10.4235 0.80%
6.14.10.4235 0.80%
6.14.10.4233 0.80%
6.14.10.4227 0.80%
6.14.10.4226 0.80%
6.14.10.4222 0.80%
6.14.10.4222 9.60%
6.14.10.4222 7.20%
6.14.10.4222 11.20%
6.14.10.4222 0.80%
6.14.10.4222 5.60%
6.14.10.4222 0.80%
6.14.10.4220 0.80%
View more

Relationships

Parent process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
ReportEventA, RegSetValueExA, QueryServiceStatus, StartServiceA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, ControlService, RegDeleteValueA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegisterEventSourceA, SetServiceStatus, CreateProcessAsUserA, RegCreateKeyA, CreateServiceA, DeleteService, RegisterServiceCtrlHandlerExA, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherA, FreeSid, RegCreateKeyExA, AddAccessAllowedAce, InitializeAcl, SetSecurityDescriptorOwner, AllocateAndInitializeSid, RegEnumValueA, RegEnumKeyExA, RegQueryInfoKeyA, RegDeleteKeyA, GetLengthSid, CheckTokenMembership, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RevertToSelf, GetUserNameA, ImpersonateLoggedOnUser, RegOpenCurrentUser, SetThreadToken, OpenThreadToken, DeregisterEventSource
gdi32.dll
DeleteDC, CreateDCA, ExtEscape
kernel32.dll
ConnectNamedPipe, CreateNamedPipeA, GetTickCount, LocalFree, LocalAlloc, OpenFile, GetSystemDirectoryA, GetLocalTime, Beep, GetPrivateProfileStringA, UnmapViewOfFile, OpenFileMappingA, MapViewOfFile, CreateFileMappingA, QueryPerformanceCounter, FlushFileBuffers, GetSystemInfo, VirtualProtect, GetLocaleInfoA, SetStdHandle, SetConsoleCtrlHandler, GetCPInfo, GetOEMCP, GetACP, LCMapStringW, LCMapStringA, DeleteFileA, DisconnectNamedPipe, GetStringTypeA, IsBadCodePtr, SetUnhandledExceptionFilter, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetStdHandle, RaiseException, IsBadWritePtr, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, VirtualQuery, InterlockedExchange, HeapSize, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, IsBadReadPtr, RtlUnwind, GetCurrentThread, OpenProcess, CreateProcessA, ReadFile, MultiByteToWideChar, WideCharToMultiByte, SetThreadPriority, ExitThread, TerminateThread, GetCurrentProcess, GetSystemTimeAsFileTime, GetProcessHeap, HeapAlloc, HeapFree, GetCurrentProcessId, CreateSemaphoreA, InterlockedDecrement, InterlockedIncrement, PulseEvent, CreateMutexA, ReleaseSemaphore, DeviceIoControl, GetVersionExA, GetSystemPowerStatus, CreateThread, GetModuleFileNameA, GetExitCodeProcess, TerminateProcess, GetSystemTime, CreateFileA, SetFilePointer, WriteFile, ExitProcess, OpenMutexA, ReleaseMutex, OutputDebugStringA, CallNamedPipeA, GetProcAddress, FreeLibrary, LoadLibraryA, OpenEventA, SetEvent, WaitForSingleObject, WaitForMultipleObjects, CreateEventA, ResetEvent, Sleep, GetCurrentThreadId, GetLastError, GetStringTypeW, CloseHandle, GetExitCodeThread, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetLocaleInfoW, GetTimeZoneInformation, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, IsValidCodePage, IsValidLocale, GetUserDefaultLCID, GetDateFormatA, GetTimeFormatA, GetModuleHandleW, InitializeCriticalSection, GetConsoleMode, GetConsoleCP, EnterCriticalSection, FatalAppExitA, LeaveCriticalSection, DeleteCriticalSection, EnumSystemLocalesA, SetLastError, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue
ole32.dll
CoUninitialize, CoCreateInstance, CoInitializeEx, CoInitializeSecurity
psapi.dll
GetModuleBaseNameA, EnumProcessModules, EnumProcesses
setupapi.dll
SetupDiGetDeviceRegistryPropertyA, SetupDiSetClassInstallParamsA, SetupDiCallClassInstaller, SetupDiEnumDeviceInfo, SetupDiDestroyDeviceInfoList, SetupDiGetDeviceInfoListDetailA, SetupDiGetClassDevsA, CM_Get_Parent, CM_Get_Device_ID_ExA, CM_Get_DevNode_Registry_PropertyA, SetupDiOpenDevRegKey, SetupDiGetDeviceInstanceIdA, CM_Reenumerate_DevNode, SetupDiGetHwProfileList, CM_Get_Child_Ex, CM_Get_DevNode_Status
user32.dll
UnregisterDeviceNotification, EnumDisplaySettingsA, KillTimer, RegisterDeviceNotificationA, SetTimer, SetCursor, LoadCursorA, GetCursor, SendInput, wsprintfA, RegisterWindowMessageA, RegisterHotKey, UnregisterHotKey, GetForegroundWindow, GetDesktopWindow, GetWindowThreadProcessId, BroadcastSystemMessageA, ExitWindowsEx, SystemParametersInfoA, OpenDesktopA, CloseDesktop, SendNotifyMessageA, MsgWaitForMultipleObjects, GetCursorPos, MonitorFromPoint, GetMonitorInfoA, GetMessageA, DispatchMessageA, TranslateMessage, IsWindow, DestroyWindow, DefWindowProcA, PostMessageA, FindWindowA, RegisterClassA, CreateWindowExA, ShowWindow, MessageBoxA, EnumDisplayDevicesA, ChangeDisplaySettingsExA, ChangeDisplaySettingsA, EnumDisplaySettingsExA, GetSystemMetrics, SetWindowPos, EnumWindows, SendMessageA, GetPropA
userenv.dll
GetUserProfileDirectoryW, LoadUserProfileA, UnloadUserProfile

ATI2EVXX.exe

ATI External Event Utility for Windows by ATI Technologies

Remove ATI2EVXX.exe
Version:   6.14.10.4190
MD5:   54d715af597c06e87418c50f481bdd2c
SHA1:   d10c39b2d8510f43b5451dfbe2abd97750c0cfa5
SHA256:   f653c6bff234756e207a660fd49f7b250f4c80dace93fec2bf901665ee00cfeb

What is ATI2EVXX.exe?

The ATI External Event Utility for Windows reacts to external events (such as hotkeys or programs starting or stopping) and changes your video card's settings.

Overview

ati2evxx.exe runs as a service under the name Ati HotKey Poller (Ati External Event Utility) with extensive SYSTEM privileges (full administrator access).

DetailsDetails

File name:ati2evxx.exe
Publisher:ATI Technologies Inc.
Product name:ATI External Event Utility for Windows
Description:ATI External Event Utility EXE Module
Typical file path:C:\Windows\System32\ati2evxx.exe
File version:6.14.10.4190
Size:652 KB (667,648 bytes)
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'Ati External Event Utility'
  • 'Ati HotKey Poller'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00032158%
0.028634%
Kernel CPU:0.00014763%
0.013761%
User CPU:0.00017396%
0.014873%
Kernel CPU time:585,136 ms/min
100,923,805ms/min
Memory
Private memory:2.1 MB
21.59 MB
Private (maximum):5.01 MB
Private (minimum):4.69 MB
Non-paged memory:2.1 MB
21.59 MB
Virtual memory:45.1 MB
140.96 MB
Virtual memory (peak):48.43 MB
169.69 MB
Working set:4.88 MB
18.61 MB
Working set (peak):5.07 MB
37.95 MB
Resource allocations
Threads:6
12
Handles:145
600
GUI GDI count:9
103
GUI USER count:6
49

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Command lines:
  • C:\Windows\System32\ati2evxx.exe
  • ati2evxx.exe -client
Owner:SYSTEM
Windows Service
Service name:Ati External Event Utility
Display name:Ati HotKey Poller
Type:Win32OwnProcess
Parent processes:

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Microsoft Windows XP 57.60%
Windows Vista Home Premium 17.60%
Windows 7 Ultimate 9.60%
Windows Vista Business 3.20%
Windows 7 Professional 3.20%
Windows Vista Home Basic 2.40%
Windows 7 Home Premium 2.40%
Windows 7 Starter 2.40%
Windows 8 0.80%
Windows 8 Pro 0.80%

Distribution by countryDistribution by country

United States installs about 42.74% of ATI External Event Utility for Windows.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 27.45%
Toshiba 21.57%
Hewlett-Packard 12.75%
ASUS 7.84%
Acer 5.88%
Intel 5.88%
GIGABYTE 4.90%
American Megatrends 4.90%
Compaq 1.96%
Lenovo 1.96%
Gateway 1.96%
Sony 1.96%
Sahara 0.98%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE