0
I'm having a bit of trouble with one of my Windows 7 Professional 64-bit w/ SP1 computers browsing the internet. I use the computer as a bed for testing different applications and so forth. The history is this : I had tested out some internet cafe programs a month or so ago. None of them worked as stated or desired, so I ended up uninstalling them from the system. Since then, I can't browse the internet with the latest versions of Chrome, Firefox, Safari, Internet Explorer, or even Lynx.
I've done practically everything from my own experience or that I've found in other articles or forums where people have similar issues. Here's a list of what works and what I've tried:
- I can successfully ping/tracert/nslookup any IP address or domain name.
- I can successfully browse the internet using the browsers listed above if I directly type the IP address
- I can successfully connect to the problematic computer remotely via Remote Desktop and GoToAssist.
- I can successfully browse the local workgroup network and connect to other network shares.
- I've checked the proxy settings for the computer and no proxy is set.
- I've scanned the computer for viruses/malware (clean).
- I've repaired WinSock/TCPIP, cleared all proxy/VPN settings, and repaired the Windows Firewall, along with using the rest of the tools available with the NetAdapter Repair All-In-One v1.2 utility (including resetting the DNS servers, flushing the DNS cache, etc., etc.).
- I've uninstalled the network drivers, downloaded the very latest (Realtek GBe) drivers, and reinstalled the NIC.
- I've repaired a problem found in Winsock 2 using LSP-Fix (I was excited and thought this was the fix, but alas it didn't affect the problem). Running LSP-Fix afterwards shows "No problems found".
- I've ran WinMRT and it successfully resolves hostnames and performs the tracert with no problem.
- I've monitored the TCP traffic using TCPView and Wireshark, but I didn't notice anything in either log.
- I've imported the registry settings for HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ from a working computer to no affect.
- I've logged into the computer as a separate user and have the same internet browsing problem in all browsers listed above.
In addition to the list above, the only thing that has allowed me to browse the internet in a web browser has been to install the Tor bundle and use the TorBrowser. Additionally, some other applications (such as Dropbox) will not connect to the internet.
I've looked and had thought about attempting a system restore, but unfortunately have no restore points that are listed before installing the cyber cafe software. I have not attempted a Windows repair installation or a full format and reinstall as the system is in perfect working order other than this particular problem (and I would prefer not to have to reinstall).
I'm to the point now where I could use some assistance, so that's why I'm posting here on SuperUser and on Experts-Exchange. I do not have any desire to give up on the problem and just reinstall, so any help would be greatly appreciated.
Thanks, Justin
Justin
Posted 2014-09-18T22:54:27.523
Reputation: 55
Do you have any 3rd party firewall software installed? Sounds like an outbound filtering rule gone wrong to me. Alternatively, can you use software that isn't a browser (e.g. telnet) to connect to HTTP servers? – Jules – 2014-09-18T23:22:15.773
In case you're unfamiliar with using telnet for HTTP: http://support.microsoft.com/kb/279466
– Jules – 2014-09-18T23:24:25.810Have you scanned for rootkits/malware/etc? – DavidPostill – 2014-09-19T07:15:29.513
@Jules No, there is no third-party firewall installed. As I mentioned we can connect to any HTTP servers just fine when using an IP address, just not with domain name. I went ahead and attempted the telnet connection like you had suggested, but I can't connect to any website like that regardless of whether or not I use my broken computer or my working computer. It does resolve the host and starts the connection though - it just states that the connection is lost afterwards and I'm not able to enter any GET commands. – Justin – 2014-09-19T16:28:01.477
@DavidPostill As I mentioned in my post, I have scanned the system and it is clean. FYI - I've ran RKill (prior to the other scans), Malwarebytes Anti-Malware, Malwarebytes Anti-Rootkit, Avast Free Antivirus, JRT, Adwcleaner, Kaspersky TDSSKiller, SuperAntiSpyware, and ComboFix. Also, as a note, I've performed a clean diagnostic boot with msconfig as well as booting into Safe Mode with Networking, but I have the same problems either way. – Justin – 2014-09-19T16:31:25.517
Hmmm, just noticed that someone downvoted my question =/
I thought I was very clear and included all of the pertinent information in my original post. – Justin – 2014-09-19T17:05:15.640
I've done a little additional testing and found that if I enable the "Built-in Asynchronous DNS" option under chrome://flags, I'm able to browse the internet with Chrome. With this option set to default or disabled, the same browsing issue occurs. I've ran a couple of tests as well under the "Tests" tab in chrome://net-internals/ and receive "ERR_NAME_NOT_RESOLVED (-105)" as the error for every FAIL result listed (when the Asynchronous DNS option is default or disabled).
So currently, I can only browse the internet using the TorBrowser or using Chrome with Built-in Asynchronous DNS turn on. – Justin – 2014-09-22T19:15:30.887
I've also installed Sandboxie and attempted to run my browser in sandboxed mode. This still doesn't allow me to browse. However, I've found that Windows Update will connect up just fine (not through the browser, but the Windows Update program). Also, Microsoft Security Essentials will download updates just fine, even though other programs like Malwarebytes will not update (I had to manually download the definition updates from a different computer). – Justin – 2014-09-23T21:10:06.873
One strange issue that I'm seeing is through Fiddler Web Debugger. After opening up the program, I can open Chrome and browse the internet, even with the Built-in Asynchronous DNS turned off. However, I'm still unable to browse using Firefox or Internet Explorer. I also see three unknown connections in the list from the chrome.exe process that attempts to connect to the following three hosts : yofzkbnhqqdp, ixrexmvpscwj, and tnbafyeuym. The request headers that it shows for all three of these connections are as follows: – Justin – 2014-09-23T21:10:44.363
HEAD http://yofzkbnhqqdp/ HTTP/1.1 Host: yofzkbnhqqdp Proxy-Connection: keep-alive Content-Length: 0 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36 Accept-Encoding: gzip,deflate
– Justin – 2014-09-23T21:20:17.290Obviously above, the host changes for these three entries. These are also obviously incorrect hostnames, but the "Proxy-Connection: keep-alive" is what is worrisome as there are no proxy settings set on this computer (anywhere in Internet Options or the registry). I obviously also receive a 502 result from these three HTTP connections.
The last very weird thing that I've noticed is that Chrome will no longer allow me to browse the internet after closing Fiddler (except with the Asynchronous DNS turned back on). – Justin – 2014-09-23T21:20:40.967
Also, I can browse the internet successfully with absolutely no problems from a running virtual machine that is hosted on this computer. – Justin – 2014-09-23T21:21:34.743
Ok, I see where the Fiddler application acts as a system proxy on startup on port 8888. Even though this is the case, it still only allows Chrome to connect to the internet after its running. – Justin – 2014-09-23T21:31:13.340