Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.14.10.4265 0.80%
6.14.10.4265 3.20%
6.14.10.4265 0.80%
6.14.10.4257 0.80%
6.14.10.4252 0.80%
6.14.10.4252 0.80%
6.14.10.4251 0.80%
6.14.10.4250 0.80%
6.14.10.4241 0.80%
6.14.10.4240 0.80%
6.14.10.4236 0.80%
6.14.10.4235 0.80%
6.14.10.4235 0.80%
6.14.10.4235 0.80%
6.14.10.4233 0.80%
6.14.10.4227 0.80%
6.14.10.4226 0.80%
6.14.10.4222 0.80%
6.14.10.4222 9.60%
6.14.10.4222 7.20%
6.14.10.4222 11.20%
6.14.10.4222 0.80%
6.14.10.4222 5.60%
6.14.10.4222 0.80%
6.14.10.4220 0.80%
View more

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
ReportEventA, RegSetValueExA, QueryServiceStatus, StartServiceA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, ControlService, RegDeleteValueA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegisterEventSourceA, SetServiceStatus, CreateProcessAsUserA, RegCreateKeyA, CreateServiceA, DeleteService, RegisterServiceCtrlHandlerExA, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherA, FreeSid, RegCreateKeyExA, AddAccessAllowedAce, InitializeAcl, SetSecurityDescriptorOwner, AllocateAndInitializeSid, RegEnumValueA, RegEnumKeyExA, RegQueryInfoKeyA, RegDeleteKeyA, GetLengthSid, CheckTokenMembership, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RevertToSelf, GetUserNameA, ImpersonateLoggedOnUser, RegOpenCurrentUser, SetThreadToken, OpenThreadToken, DeregisterEventSource
gdi32.dll
DeleteDC, CreateDCA, ExtEscape
kernel32.dll
ConnectNamedPipe, CreateNamedPipeA, GetTickCount, LocalFree, LocalAlloc, OpenFile, GetSystemDirectoryA, GetLocalTime, Beep, GetPrivateProfileStringA, UnmapViewOfFile, OpenFileMappingA, MapViewOfFile, CreateFileMappingA, QueryPerformanceCounter, FlushFileBuffers, GetSystemInfo, VirtualProtect, GetLocaleInfoA, SetStdHandle, SetConsoleCtrlHandler, GetCPInfo, GetOEMCP, GetACP, LCMapStringW, LCMapStringA, DeleteFileA, DisconnectNamedPipe, GetStringTypeA, IsBadCodePtr, SetUnhandledExceptionFilter, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetStdHandle, RaiseException, IsBadWritePtr, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, VirtualQuery, InterlockedExchange, HeapSize, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, IsBadReadPtr, RtlUnwind, GetCurrentThread, OpenProcess, CreateProcessA, ReadFile, MultiByteToWideChar, WideCharToMultiByte, SetThreadPriority, ExitThread, TerminateThread, GetCurrentProcess, GetSystemTimeAsFileTime, GetProcessHeap, HeapAlloc, HeapFree, GetCurrentProcessId, CreateSemaphoreA, InterlockedDecrement, InterlockedIncrement, PulseEvent, CreateMutexA, ReleaseSemaphore, DeviceIoControl, GetVersionExA, GetSystemPowerStatus, CreateThread, GetModuleFileNameA, GetExitCodeProcess, TerminateProcess, GetSystemTime, CreateFileA, SetFilePointer, WriteFile, ExitProcess, OpenMutexA, ReleaseMutex, OutputDebugStringA, CallNamedPipeA, GetProcAddress, FreeLibrary, LoadLibraryA, OpenEventA, SetEvent, WaitForSingleObject, WaitForMultipleObjects, CreateEventA, ResetEvent, Sleep, GetCurrentThreadId, GetLastError, GetStringTypeW, CloseHandle, GetExitCodeThread, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetLocaleInfoW, GetTimeZoneInformation, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, IsValidCodePage, IsValidLocale, GetUserDefaultLCID, GetDateFormatA, GetTimeFormatA, GetModuleHandleW, InitializeCriticalSection, GetConsoleMode, GetConsoleCP, EnterCriticalSection, FatalAppExitA, LeaveCriticalSection, DeleteCriticalSection, EnumSystemLocalesA, SetLastError, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue
ole32.dll
CoUninitialize, CoCreateInstance, CoInitializeEx, CoInitializeSecurity
psapi.dll
GetModuleBaseNameA, EnumProcessModules, EnumProcesses
setupapi.dll
SetupDiGetDeviceRegistryPropertyA, SetupDiSetClassInstallParamsA, SetupDiCallClassInstaller, SetupDiEnumDeviceInfo, SetupDiDestroyDeviceInfoList, SetupDiGetDeviceInfoListDetailA, SetupDiGetClassDevsA, CM_Get_Parent, CM_Get_Device_ID_ExA, CM_Get_DevNode_Registry_PropertyA, SetupDiOpenDevRegKey, SetupDiGetDeviceInstanceIdA, CM_Reenumerate_DevNode, SetupDiGetHwProfileList, CM_Get_Child_Ex, CM_Get_DevNode_Status
user32.dll
UnregisterDeviceNotification, EnumDisplaySettingsA, KillTimer, RegisterDeviceNotificationA, SetTimer, SetCursor, LoadCursorA, GetCursor, SendInput, wsprintfA, RegisterWindowMessageA, RegisterHotKey, UnregisterHotKey, GetForegroundWindow, GetDesktopWindow, GetWindowThreadProcessId, BroadcastSystemMessageA, ExitWindowsEx, SystemParametersInfoA, OpenDesktopA, CloseDesktop, SendNotifyMessageA, MsgWaitForMultipleObjects, GetCursorPos, MonitorFromPoint, GetMonitorInfoA, GetMessageA, DispatchMessageA, TranslateMessage, IsWindow, DestroyWindow, DefWindowProcA, PostMessageA, FindWindowA, RegisterClassA, CreateWindowExA, ShowWindow, MessageBoxA, EnumDisplayDevicesA, ChangeDisplaySettingsExA, ChangeDisplaySettingsA, EnumDisplaySettingsExA, GetSystemMetrics, SetWindowPos, EnumWindows, SendMessageA, GetPropA
userenv.dll
GetUserProfileDirectoryW, LoadUserProfileA, UnloadUserProfile

ATI2EVXX.exe

ATI External Event Utility for Windows by ATI Technologies

Remove ATI2EVXX.exe
Version:   6.14.10.4188
MD5:   fa328b0d8de00e9fe13496ae9c0ef5ef
SHA1:   9367cd31e0510fc09063841d648eaf66152f26d3

What is ATI2EVXX.exe?

The ATI External Event Utility for Windows reacts to external events (such as hotkeys or programs starting or stopping) and changes your video card's settings.

Overview

ati2evxx.exe runs as a service under the name Ati HotKey Poller (Ati External Event Utility) with extensive SYSTEM privileges (full administrator access).

DetailsDetails

File name:ati2evxx.exe
Publisher:ATI Technologies Inc.
Product name:ATI External Event Utility for Windows
Description:ATI External Event Utility EXE Module
Typical file path:C:\Windows\System32\ati2evxx.exe
File version:6.14.10.4188
Size:500 KB (512,000 bytes)
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'Ati External Event Utility'
  • 'Ati HotKey Poller'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00007208%
0.028634%
Kernel CPU:0.00005773%
0.013761%
User CPU:0.00001435%
0.014873%
Kernel CPU time:41,250 ms/min
100,923,805ms/min
Context switches:1/sec
284/sec
Memory
Private memory:2.03 MB
21.59 MB
Private (maximum):3.54 MB
Private (minimum):3.48 MB
Non-paged memory:2.03 MB
21.59 MB
Virtual memory:26.13 MB
140.96 MB
Virtual memory (peak):27.29 MB
169.69 MB
Working set:3.54 MB
18.61 MB
Working set (peak):3.69 MB
37.95 MB
Resource allocations
Threads:4
12
Handles:106
600
GUI GDI count:7
103
GUI USER count:6
49

BehaviorsProcess properties

Integrety level:Undefined
Platform:32-bit
Command lines:
  • ati2evxx.exe -client
  • C:\Windows\System32\ati2evxx.exe
Owner:SYSTEM
Windows Service
Service name:Ati External Event Utility
Display name:Ati HotKey Poller
Type:Win32OwnProcess

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Microsoft Windows XP 57.60%
Windows Vista Home Premium 17.60%
Windows 7 Ultimate 9.60%
Windows Vista Business 3.20%
Windows 7 Professional 3.20%
Windows Vista Home Basic 2.40%
Windows 7 Home Premium 2.40%
Windows 7 Starter 2.40%
Windows 8 0.80%
Windows 8 Pro 0.80%

Distribution by countryDistribution by country

United States installs about 42.74% of ATI External Event Utility for Windows.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 27.45%
Toshiba 21.57%
Hewlett-Packard 12.75%
ASUS 7.84%
Acer 5.88%
Intel 5.88%
GIGABYTE 4.90%
American Megatrends 4.90%
Compaq 1.96%
Lenovo 1.96%
Gateway 1.96%
Sony 1.96%
Sahara 0.98%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE