[r3shl4k1sh]

After checking around five computers (Windows 7 x86 (SP0)) i saw that almost all of them had IDT hooks, i assume that these hooks are part of the OS or an AV software (Mcafee) that was installed on the computers in question.

However i am unable to determine the Module that makes those hooks (all of the hooks are KiUnexpectedInterrupt):



Uploaded with ImageShack.us

I used various tools (Volatility, AntiSpy ...) in order to try to detect the root cause of these hooks.
Any explanation on whether these hooks are normal or something suspicious would be helpful.

Thanks.

[TETYYSs]

I saw this on 4 computers, it's just tool says so.

[EP_X0FF]

Depends on how this tool interpret IDT in a view of term "hooking". This can be mismatch between IDT table it found in binary and IDT it read from memory.