Should I block it?

No, this file is 100% safe to run.

Additional versions

6.14.10.4265 0.80%
6.14.10.4265 3.20%
6.14.10.4265 0.80%
6.14.10.4257 0.80%
6.14.10.4252 0.80%
6.14.10.4252 0.80%
6.14.10.4251 0.80%
6.14.10.4250 0.80%
6.14.10.4241 0.80%
6.14.10.4240 0.80%
6.14.10.4236 0.80%
6.14.10.4235 0.80%
6.14.10.4235 0.80%
6.14.10.4235 0.80%
6.14.10.4233 0.80%
6.14.10.4227 0.80%
6.14.10.4226 0.80%
6.14.10.4222 0.80%
6.14.10.4222 9.60%
6.14.10.4222 7.20%
6.14.10.4222 11.20%
6.14.10.4222 0.80%
6.14.10.4222 5.60%
6.14.10.4222 0.80%
6.14.10.4220 0.80%

PE file structure

Import table
advapi32.dll
ReportEventA, RegSetValueExA, QueryServiceStatus, StartServiceA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, ControlService, RegDeleteValueA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegisterEventSourceA, SetServiceStatus, CreateProcessAsUserA, RegCreateKeyA, CreateServiceA, DeleteService, RegisterServiceCtrlHandlerExA, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherA, FreeSid, RegCreateKeyExA, AddAccessAllowedAce, InitializeAcl, SetSecurityDescriptorOwner, AllocateAndInitializeSid, RegEnumValueA, RegEnumKeyExA, RegQueryInfoKeyA, RegDeleteKeyA, GetLengthSid, CheckTokenMembership, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RevertToSelf, GetUserNameA, ImpersonateLoggedOnUser, RegOpenCurrentUser, SetThreadToken, OpenThreadToken, DeregisterEventSource
gdi32.dll
DeleteDC, CreateDCA, ExtEscape
kernel32.dll
ConnectNamedPipe, CreateNamedPipeA, GetTickCount, LocalFree, LocalAlloc, OpenFile, GetSystemDirectoryA, GetLocalTime, Beep, GetPrivateProfileStringA, UnmapViewOfFile, OpenFileMappingA, MapViewOfFile, CreateFileMappingA, QueryPerformanceCounter, FlushFileBuffers, GetSystemInfo, VirtualProtect, GetLocaleInfoA, SetStdHandle, SetConsoleCtrlHandler, GetCPInfo, GetOEMCP, GetACP, LCMapStringW, LCMapStringA, DeleteFileA, DisconnectNamedPipe, GetStringTypeA, IsBadCodePtr, SetUnhandledExceptionFilter, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetStdHandle, RaiseException, IsBadWritePtr, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, VirtualQuery, InterlockedExchange, HeapSize, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, IsBadReadPtr, RtlUnwind, GetCurrentThread, OpenProcess, CreateProcessA, ReadFile, MultiByteToWideChar, WideCharToMultiByte, SetThreadPriority, ExitThread, TerminateThread, GetCurrentProcess, GetSystemTimeAsFileTime, GetProcessHeap, HeapAlloc, HeapFree, GetCurrentProcessId, CreateSemaphoreA, InterlockedDecrement, InterlockedIncrement, PulseEvent, CreateMutexA, ReleaseSemaphore, DeviceIoControl, GetVersionExA, GetSystemPowerStatus, CreateThread, GetModuleFileNameA, GetExitCodeProcess, TerminateProcess, GetSystemTime, CreateFileA, SetFilePointer, WriteFile, ExitProcess, OpenMutexA, ReleaseMutex, OutputDebugStringA, CallNamedPipeA, GetProcAddress, FreeLibrary, LoadLibraryA, OpenEventA, SetEvent, WaitForSingleObject, WaitForMultipleObjects, CreateEventA, ResetEvent, Sleep, GetCurrentThreadId, GetLastError, GetStringTypeW, CloseHandle, GetExitCodeThread, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetLocaleInfoW, GetTimeZoneInformation, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, IsValidCodePage, IsValidLocale, GetUserDefaultLCID, GetDateFormatA, GetTimeFormatA, GetModuleHandleW, InitializeCriticalSection, GetConsoleMode, GetConsoleCP, EnterCriticalSection, FatalAppExitA, LeaveCriticalSection, DeleteCriticalSection, EnumSystemLocalesA, SetLastError, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue
ole32.dll
CoUninitialize, CoCreateInstance, CoInitializeEx, CoInitializeSecurity
psapi.dll
GetModuleBaseNameA, EnumProcessModules, EnumProcesses
setupapi.dll
SetupDiGetDeviceRegistryPropertyA, SetupDiSetClassInstallParamsA, SetupDiCallClassInstaller, SetupDiEnumDeviceInfo, SetupDiDestroyDeviceInfoList, SetupDiGetDeviceInfoListDetailA, SetupDiGetClassDevsA, CM_Get_Parent, CM_Get_Device_ID_ExA, CM_Get_DevNode_Registry_PropertyA, SetupDiOpenDevRegKey, SetupDiGetDeviceInstanceIdA, CM_Reenumerate_DevNode, SetupDiGetHwProfileList, CM_Get_Child_Ex, CM_Get_DevNode_Status
user32.dll
UnregisterDeviceNotification, EnumDisplaySettingsA, KillTimer, RegisterDeviceNotificationA, SetTimer, SetCursor, LoadCursorA, GetCursor, SendInput, wsprintfA, RegisterWindowMessageA, RegisterHotKey, UnregisterHotKey, GetForegroundWindow, GetDesktopWindow, GetWindowThreadProcessId, BroadcastSystemMessageA, ExitWindowsEx, SystemParametersInfoA, OpenDesktopA, CloseDesktop, SendNotifyMessageA, MsgWaitForMultipleObjects, GetCursorPos, MonitorFromPoint, GetMonitorInfoA, GetMessageA, DispatchMessageA, TranslateMessage, IsWindow, DestroyWindow, DefWindowProcA, PostMessageA, FindWindowA, RegisterClassA, CreateWindowExA, ShowWindow, MessageBoxA, EnumDisplayDevicesA, ChangeDisplaySettingsExA, ChangeDisplaySettingsA, EnumDisplaySettingsExA, GetSystemMetrics, SetWindowPos, EnumWindows, SendMessageA, GetPropA
userenv.dll
GetUserProfileDirectoryW, LoadUserProfileA, UnloadUserProfile

ATI2EVXX.exe

ATI External Event Utility for Windows by ATI Technologies

Version: 6.14.10.4190
MD5: 33e222c68f71a06cb11c5eeb49d91f02
SHA1: f06141f0f9856ca4e788977fae390de09cb3b26b
SHA256: 1ef76787087af9ef834203be28b8e9a13b00da0016192af00d2c8c51730848e7

What is ATI2EVXX.exe?

The ATI External Event Utility for Windows reacts to external events (such as hotkeys or programs starting or stopping) and changes your video card's settings.

Overview

ati2evxx.exe runs as a service under the name Ati HotKey Poller (Ati External Event Utility) with extensive SYSTEM privileges (full administrator access).

Details

File name: ati2evxx.exe
Publisher: ATI Technologies Inc.
Product name: ATI External Event Utility for Windows
Description: ATI External Event Utility EXE Module
Typical file path: C:\Windows\System32\ati2evxx.exe
File version: 6.14.10.4190
Size: 648 KB (663,552 bytes)
Digital DNA
PE subsystem: Windows GUI
File packed: No
.NET CLR: No

Behaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'Ati External Event Utility'
  • 'Ati HotKey Poller'

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU: 0.00007330%
0.028634%
Kernel CPU: 0.00003724%
0.013761%
User CPU: 0.00003607%
0.014873%
Kernel CPU time: 1,287 ms/min
100,923,805 ms/min
Memory
Private memory: 2.17 MB
21.59 MB
Private (maximum): 4.96 MB
Private (minimum): 728 KB
Non-paged memory: 2.17 MB
21.59 MB
Virtual memory: 44.83 MB
140.96 MB
Virtual memory (peak): 47.95 MB
169.69 MB
Working set: 1.71 MB
18.61 MB
Working set (peak): 5.21 MB
37.95 MB
Resource allocations
Threads: 6
12
Handles: 148
600
GUI GDI count: 9
103
GUI USER count: 6
49

Process properties

Integrity level: System
Platform: 32-bit
Command lines:
  • ati2evxx.exe -client
  • C:\Windows\System32\ati2evxx.exe
Owner: SYSTEM
Windows Service
Service name: Ati External Event Utility
Display name: Ati HotKey Poller
Type: Win32OwnProcess
Parent processes:

Distribution by Windows OS

OS version / Distribution
Microsoft Windows XP 57.60%
Windows Vista Home Premium 17.60%
Windows 7 Ultimate 9.60%
Windows Vista Business 3.20%
Windows 7 Professional 3.20%
Windows Vista Home Basic 2.40%
Windows 7 Home Premium 2.40%
Windows 7 Starter 2.40%
Windows 8 0.80%
Windows 8 Pro 0.80%

Distribution by country

About 42.74% of installs of ATI External Event Utility for Windows are in the United States.

Distribution by PC manufacturer

PC manufacturer / Distribution
Dell 27.45%
Toshiba 21.57%
Hewlett-Packard 12.75%
ASUS 7.84%
Acer 5.88%
Intel 5.88%
GIGABYTE 4.90%
American Megatrends 4.90%
Compaq 1.96%
Lenovo 1.96%
Gateway 1.96%
Sony 1.96%
Sahara 0.98%