What makes NTDLL!_KiUserApcDispatcher jump to an address which doesn't belong to a module in a process?

3

I'm debugging a crash dump which gets an Access Violation exception (0xC0000005). The AVE comes from jumping to an address that doesn't belong to any of the 2 loaded modules in the process:

[Image: Call stack of Access Violation exception]

[Image: Loaded modules in crashing process]

What would cause this so early in the process?

It appears that the process is mapping memory (_ZwCreateSection) to load a module... did the module fail to load in some way which LoadLibrary succeeds but the module isn't actually loaded?

windows
debugging
access-violation
crash-dumps
asked on Stack Overflow Mar 13, 2015 by codekaizen • edited Mar 13, 2015 by codekaizen

1 Answer

1

The cause of this behavior was anti-virus software (Norton) hijacking the DLL load. Running GFlags to debug LoadLibrary showed that the mscorlib.dll library was being prevented from loading.

answered on Stack Overflow Nov 16, 2019 by codekaizen
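Added example, not part of the original question or answer: a small triage script that cross-checks a WinDbg `kn` stack against the `lm` module list and reports frames whose call site lies outside every loaded module, which is the condition the question describes. The sample debugger output is constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample of WinDbg `lm` output (32-bit); not taken from the dump.
LM_SAMPLE = """\
start    end        module name
00a70000 00a78000   app        (deferred)
77c50000 77dd0000   ntdll      (pdb symbols)
"""

# Constructed sample of WinDbg `kn` output; frame 00 has no module!symbol.
KN_SAMPLE = """\
 # ChildEBP RetAddr
00 0031f7a4 77c8a1f5 0x6d2e1000
01 0031f7b8 77c6b2c9 ntdll!KiUserApcDispatcher+0x25
02 0031f8c0 00000000 ntdll!LdrInitializeThunk+0xe
"""

HEX = r"[0-9a-fA-F`]+"  # 64-bit addresses carry a backtick separator

def to_int(text):
    """Convert a WinDbg address (optional 0x prefix, optional backtick)."""
    return int(text.replace("`", ""), 16)

def parse_modules(lm_text):
    """Return (start, end, name) for each module row of `lm` output."""
    rows = re.findall(rf"^({HEX})\s+({HEX})\s+(\S+)", lm_text, re.M)
    return [(to_int(s), to_int(e), name) for s, e, name in rows]

def owner(addr, modules):
    """Name of the module whose [start, end) range contains addr, else None."""
    for start, end, name in modules:
        if start <= addr < end:
            return name
    return None

def unbacked_frames(kn_text, modules):
    """Frames whose call site is a raw address outside every loaded module."""
    hits = []
    frame_re = rf"^\s*([0-9a-fA-F]+)\s+{HEX}\s+{HEX}\s+(\S+)"
    for num, site in re.findall(frame_re, kn_text, re.M):
        if not re.fullmatch(rf"(?:0x)?{HEX}", site):
            continue  # module!symbol or module+offset: already resolved
        addr = to_int(site)
        if owner(addr, modules) is None:
            hits.append((int(num, 16), addr))
    return hits
```

A frame reported here points at memory with no backing image in the module list, so the next step is to find out which module was expected at that address and why it is not mapped.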

User contributions licensed under CC BY-SA 3.0