Hello Paul,
it's my impression that the way browsers link to files is what is broken here...
100% possible but also just as possible is a security issue with Windows, even more so when it is the same driver that is crashing, see info below that I have highlighted in red + the link here which tells us what the driver is and how it is obtained/updated.
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 9f81af60, The address that the exception occurred at
Arg3: 00000000, Parameter 0 of the exception
Arg4: 00000000, Parameter 1 of the exception
Debugging Details:
------------------
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
+0
9f81af60 84b4819f60b081 test byte ptr [ecx+eax*4-7E4F9F61h],dh
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000000
READ_ADDRESS: GetPointerFromAddress: unable to read from 83591850
Unable to read MiSystemVaType memory at 83571080
00000000
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
BUGCHECK_STR: 0x1e_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 8bd86e95 to 8bd8f271
CONTEXT: 9f81b060 -- (.cxr 0xffffffff9f81b060)
eax=00000000 ebx=00000000 ecx=9f81b55c edx=d8f1b698 esi=9f81b65c edi=9f81b638
eip=8bd8f271 esp=9f81b54c ebp=9f81b560 iopl=0 nv up ei ng nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010293
ksecdd!InitUserModeContext+0x35:
8bd8f271 ff5008 call dword ptr [eax+8] ds:0023:00000008=????????
Resetting default scope
STACK_TEXT:
9f81b560 8bd86e95 9f81b65c 9f81b580 9f81b65c ksecdd!InitUserModeContext+0x35
9f81b5b8 8bd8ee09 00000000 9f81b65c 8bd8c3cc ksecdd!KsecProcessSecurityContext+0x133
9f81b5e8 8c06e997 9f81b664 9f81b65c 8bd8c3cc ksecdd!InitializeSecurityContextW+0x35
9f81b6a0 8c06eab2 0001bb1e 00000000 9f81b728 tcpip!WfpAlepCreateTokenFromLogonId+0x100
9f81b6e4 8c06e7e8 0001bb1e 00000000 9f81b728 tcpip!WfpAleCreateTokenFromLogonId+0x28
9f81b744 8c06b90f 865d3838 00000000 867f2c60 tcpip!WfpAlepSetSecurity+0x2e0
9f81b850 8c065d35 865d3838 980000c8 866aad88 tcpip!WfpAleProcessSecureSocketControl+0x20f
9f81b88c 8c0668ff 006aade8 8b98cc13 861fbee8 tcpip!TcpSetSockOptEndpoint+0x28e
9f81b8c0 834a1dc8 9f81b950 b32d6b3c 00000000 tcpip!TcpTlEndpointIoControlEndpointCalloutRoutine+0x51
9f81b928 8c0618de 8c0668ae 9f81b950 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
9f81b960 8b98d52e 866aad00 9f81b901 866aad88 tcpip!TcpTlEndpointIoControlEndpoint+0x67
9f81b9ac 8b98d2b1 86295358 00000003 980000c8 afd!WskProTLControlRequest+0xc4
9f81b9fc 8b98d464 86295358 00000058 861fbee8 afd!WskProControlSocketCore+0x3d7
9f81ba0c 8b98885a 9f81ba2c 83455f22 88cb68b0 afd!WskProIRPControlSocket+0x10
9f81ba14 83455f22 88cb68b0 861fbee8 00000000 afd!AfdWskDispatchInternalDeviceControl+0x21
9f81ba2c 8b98d433 00000002 980000c8 0000fffc nt!IofCallDriver+0x63
9f81ba54 9b6074dd 8629536c 00000002 980000c8 afd!WskProAPIControlSocket+0x8d
9f81bacc 9b607a64 867c05a0 897ba8b8 867f8a38 mrxsmb!SmbWskSetSocketOptions+0x1af
9f81bb9c 9b60692f 867f8a38 867f8a38 866cb970 mrxsmb!SmbWskInitiateAsynchronousConnect+0x193
9f81bbb4 9b606810 017f8a38 04e0e53e 89c9d9b0 mrxsmb!RxCeInitiateConnectRequest+0x44
9f81bcc4 9b6077e7 866cb970 9b6076c2 96b5be18 mrxsmb!RxCeBuildConnectionOverMultipleTransports+0x510
9f81bcd8 96b48143 866cb970 09340ef7 85ec7920 mrxsmb!RxCeInitiateConnection+0x125
9f81bd34 96b5ed74 96b5be18 96b5c118 9f81bd90 rdbss!RxpWorkerThreadDispatcher+0x13e
9f81bd44 83631b12 96b5be18 b32d6f84 00000000 rdbss!RxWorkerThreadDispatcher+0x1a
9f81bd90 834cf171 96b5ed5a 96b5be18 00000000 nt!PspSystemThreadStartup+0x159
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
FOLLOWUP_IP:
ksecdd!InitUserModeContext+35
8bd8f271 ff5008 call dword ptr [eax+8]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: ksecdd!InitUserModeContext+35
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ksecdd
IMAGE_NAME: ksecdd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5b6daab9
STACK_COMMAND: .cxr 0xffffffff9f81b060 ; kb
FAILURE_BUCKET_ID: 0x1e_c0000005_ksecdd!InitUserModeContext+35
BUCKET_ID: 0x1e_c0000005_ksecdd!InitUserModeContext+35
Followup: MachineOwner
---------
The following drivers also failed to load;
Unloaded modules:
a6594000 a659b000 cpuz143_x32.
8c200000 8c20d000 crashdmp.sys
91c23000 91dd6000 dump_iaStor.
91dd6000 91de7000 dump_dumpfve
9841e000 98efa000 igdkmd32.sys
98efa000 98fb2000 dxgkrnl.sys
973a7000 973b3000 discache.sys
8bf16000 8bf3c000 ksecpkg.sys
No mention of MBAM or Norton this time.
Run
DriverMax to see if any driver updates are suggested for the chipset, network or storage devices
Please note that you are only allowed to download two drivers a day for free and be sure to uncheck the “install AVG toolbar” option box.
Remember to always create a new restore point before updating any drivers.