Solved

All internet browsers won't resolve DNS except for TorBrowser

Posted on 2014-09-18
685 Views
Last Modified: 2014-10-05
I'm having a bit of trouble with one of my Windows 7 Professional 64-bit w/ SP1 computers browsing the internet. I use the computer as a bed for testing different applications and so forth. The history is this: I had tested out some internet cafe programs a month or so ago. None of them worked as stated or desired, so I ended up uninstalling them from the system. Since then, I can't browse the internet with the latest versions of Chrome, Firefox, Safari, Internet Explorer, or even Lynx.

I've done practically everything from my own experience or that I've found in other articles or forums where people have similar issues. Here's a list of what works and what I've tried:

I can successfully ping/tracert/nslookup any IP address or domain name.
I can successfully browse the internet using the browsers listed above if I directly type the IP address.
I can successfully connect to the problematic computer remotely via Remote Desktop and GoToAssist.
I can successfully browse the local workgroup network and connect to other network shares.
I've checked the proxy settings for the computer and no proxy is set.
I've scanned the computer for viruses/malware (clean).
I've repaired WinSock/TCPIP, cleared all proxy/VPN settings, and repaired the Windows Firewall, along with using the rest of the tools available with the NetAdapter Repair All-In-One v1.2 utility (including resetting the DNS servers, flushing the DNS cache, etc., etc.).
I've uninstalled the network drivers, downloaded the very latest (Realtek GBe) drivers, and reinstalled the NIC.
I've repaired a problem found in Winsock 2 using LSP-Fix (I was excited and thought this was the fix, but alas it didn't affect the problem). Running LSP-Fix afterwards shows "No problems found".
I've run WinMRT and it successfully resolves hostnames and performs the tracert with no problem.
I've monitored the TCP traffic using TCPView and Wireshark, but I didn't notice anything in either log.
I've imported the registry settings for HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ from a working computer to no effect.
I've logged into the computer as a separate user and have the same internet browsing problem in all browsers listed above.

In addition to the list above, the only thing that has allowed me to browse the internet in a web browser has been to install the Tor bundle and use the TorBrowser. Additionally, some other applications (such as Dropbox) will not connect to the internet.

I've looked and had thought about attempting a system restore, but unfortunately have no restore points that are listed before installing the cyber cafe software. I have not attempted a Windows repair installation or a full format and reinstall as the system is in perfect working order other than this particular problem (and I would prefer not to have to reinstall).

I'm to the point now where I could use some assistance, so that's why I'm posting here on SuperUser and on Experts-Exchange. I do not have any desire to give up on the problem and just reinstall, so any help would be greatly appreciated.

Thanks, Justin
0
Question by:pccopilots
25 Comments
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Sounds like a DNS problem but it seems you ruled that out.  Did you try to reinstall any of the browsers? I mean a complete uninstall and reinstall. Also did you try changing your DNS to Google at 8.8.8.8? If you try to install chameleon and run it (the svchost file), can it update mbam?
0
 

Author Comment

by:pccopilots
Thanks for the reply Thomas. I did perform a reinstall for Firefox, and I hadn't had Safari previously installed before running into the problem.

Yes, I typically have all of my computers with Google's DNS server entered manually. Of course, I've tried OpenDNS's, Windstream's, and my own personal DNS servers as well. As a note for you, the NetAdapter utility sets Google's DNS servers as well before running the command to flush the DNS cache.

In regards to Malwarebytes, when I attempt to run the chameleon version (regardless of the executable), it fails to download from the web as I'm assuming it requires an internet domain name.

Other programs that connect via IP address connect up without a problem (such as my FTP client), while programs that require DNS do not.
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
I'm not sure if Chameleon connects via DNS or not. The IP for malwarebytes.org is 184.173.97.192, if that helps.  It sounds like the software you tested turned off System Restore, which would have deleted all restore points.  Do you have any other backups?

I know this is not helpful now, but in the future I would run WinPatrol (plus or free version - I like the plus version better) so it alerts you to this kind of change.  Also test software in a virtual machine instead of installing it to your real machine.
0
 

Author Comment

by:pccopilots
Hi Thomas. I actually stated in my original post that I do have system restore turned on, but I have no restore points from before testing this software. I also mentioned that this is my test box - it's not one of my primary computers. I do test things in virtual machines as well (which are on this test box), but testing cafe programs requires a server and client (my test box was the server and one of my virtual machines the client).
0
 

Expert Comment

by:jeremymorris24
Have you checked your C:\windows\system32\drivers\etc folder to make sure there are no strange entries in the files there (such as your hosts, protocols, services, networks, lmhosts, etc)? If you are unsure what the typical entries are, try copying those from a working computer and replacing those files on the broken machine.
0
 

Author Comment

by:pccopilots
Thanks for your reply Jeremy. I have already checked my hosts file under this directory and there are no problems with it. There aren't any strange files in this directory either. I checked the lmhosts.sam, networks, protocols, and services files as well and those match my working machine.
0
 

Author Comment

by:pccopilots
I've done a little additional testing and found that if I enable the "Built-in Asynchronous DNS" option under chrome://flags, I'm able to browse the internet with Chrome. With this option set to default or disabled, the same browsing issue occurs. I've run a couple of tests as well under the "Tests" tab in chrome://net-internals/ and receive "ERR_NAME_NOT_RESOLVED (-105)" as the error for every FAIL result listed (when the Asynchronous DNS option is default or disabled).

So currently, I can only browse the internet using the TorBrowser or using Chrome with Built-in Asynchronous DNS turned on.
0
 

Author Comment

by:pccopilots
I've also installed Sandboxie and attempted to run my browser in sandboxed mode. This still doesn't allow me to browse. However, I've found that Windows Update will connect up just fine (not through the browser, but the Windows Update program). Also, Microsoft Security Essentials will download updates just fine, even though other programs like Malwarebytes will not update (I had to manually download the definition updates from a different computer).

One strange issue that I'm seeing is through Fiddler Web Debugger. After opening up the program, I can open Chrome and browse the internet, even with the Built-in Asynchronous DNS turned off. However, I'm still unable to browse using Firefox or Internet Explorer. I also see three unknown connections in the list from the chrome.exe process that attempts to connect to the following three hosts: yofzkbnhqqdp, ixrexmvpscwj, and tnbafyeuym. The request headers that it shows for all three of these connections are as follows:

HEAD http://yofzkbnhqqdp/ HTTP/1.1
Host: yofzkbnhqqdp
Proxy-Connection: keep-alive
Content-Length: 0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36
Accept-Encoding: gzip,deflate

Obviously above, the host changes for these three entries. These are also obviously incorrect hostnames, but the "Proxy-Connection: keep-alive" is what is worrisome as there are no proxy settings set on this computer (anywhere in Internet Options or the registry). I obviously also receive a 502 result from these three HTTP connections.

The last very weird thing that I've noticed is that Chrome will no longer allow me to browse the internet after closing Fiddler (except with the Asynchronous DNS turned back on).
0
 

Author Comment

by:pccopilots
Also, I can browse the internet successfully with absolutely no problems from a running virtual machine that is hosted on this computer.
0
 

Author Comment

by:pccopilots
Ok, I see where the Fiddler application acts as a system proxy on startup on port 8888. Even though this is the case, it still only allows Chrome to connect to the internet after it's running.
0
 
LVL 26

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 500 total points
I know you do not wish to do a full reinstall, but, considering what you have done already, it may be time to bite the bullet.  You are not saving time at this point.  And even if you get this machine in perfect working order, my recommendation would be to NEVER use it to access anything where you don't want your credentials compromised.  I believe anyone else will say the same.  I, personally, would never trust this computer again, unless you do a complete reinstall, starting with DBAN.
0

 

Author Comment

by:pccopilots
Thanks for another comment Thomas, but I don't wish to reinstall the OS. I don't feel like I'm wasting time troubleshooting the problem as I fix networking issues all day long. Figuring out a fix for this would be much more beneficial to me than just reloading the OS. Honestly, I rarely post on Experts-Exchange or other sites unless I have something that has stumped me. I can always reload a computer and get it set back up, but I would like to be able to fix the problem in itself as that knowledge is worth more to me than getting it up and running quicker.

I trust that the system is clean as I'm not having any other issues. Again, this is a test box - I do not enter any important or personal information on it regardless. I'm almost certain that there are some crazy proxy settings set somewhere that were installed by one of the internet cafe programs. If it helps, here are the three programs that I tested:

HandyCafe (http://handycafe.com/)
NetCafe (http://www.netcafesystem.com/)
iCafeManager (http://icafemanager.com/)

I believe that the culprit is NetCafe as HandyCafe never actually worked. The server version they have listed on the website for download doesn't actually run (the executable briefly opens and closes with an error logged in the event viewer).

I'm unsure, but don't think necessarily that the problem was caused by iCafeManager either. I was able to install it successfully and start the application, but I could never get past the registration screen as they didn't have location options for anything outside of India (even though they list it on their website). Contacting their tech support is a joke as well as they just reply back with canned email responses referring to the user manual to register the program. I emailed them numerous times asking for an actual reply, including screenshot differences from their program and their manual, etc. Alas, I still only received the canned responses in return.

NetCafe was a last ditch effort as it really didn't include the options that HandyCafe or iCafeManager touted. I ended up not wanting to use this either as the interface was terrible and it didn't have great documentation or support.

If there is anything else that anyone would suggest trying, I'm open.
0
 
LVL 61

Expert Comment

by:btan
I am wondering if you may be interested in using Tails and trying the browsing to see whether something similar is observed.
https://tails.boum.org/
Tails, also known as 'Amnesiac Incognito Live System', is a free security-focused Debian-based Linux distribution, which has a suite of applications that can be installed on a USB stick, an SD card or a DVD. It keeps users’ communications private by running all connectivity through Tor, the network that routes traffic through various layers of servers and encrypts data.
0
 

Author Comment

by:pccopilots
Thanks for your comment btan, but I'm unsure how this will help as I would just be booting into the live CD instead of from Windows. I'm sure it will work just fine (the same as it works just fine in my virtual machines), but again - I'm not sure how this would help in the troubleshooting process since there isn't a hardware problem.
0
 
LVL 61

Expert Comment

by:btan
Understood. In any case, if Windows Event Viewer did not have any helpful messages after the symptoms became apparent and stayed prevalent, it is tough to drill into specifics, as you have already attempted many follow-ups and, together with the expert advice, pushed on deeper.

Sometimes, it is not a matter of finding the root cause but having to move on with restore and rebuild (not just re-installing applications and drivers) from the last good restore point ... from the last best known snapshot installation. In fact, for every application or driver installation, a restore point will have been taken before the actual installation.

Sidetracking: personally, I do not advocate having Tor Browser installed on the client machine; best is to use another environment like a VM or storage to truly have private browsing. Leaving traces on the machine seems to defeat the privacy objective.
0
 

Author Comment

by:pccopilots
Thanks again for another comment btan. Privacy isn't an issue with this computer. I suppose if no one else is able to help, I'll attempt a Windows repair installation to see if that fixes the problem.
0
 
LVL 61

Expert Comment

by:btan
Do try a restore point if that has not been tried, but do back up data during the repair.
0
 

Author Comment

by:pccopilots
I've already stated that I don't have a restore point from before the problem cropped up. Also, no data backup needed as I've already stated that this is a test box. Thanks.
0
 
LVL 61

Expert Comment

by:btan
Noted, roger that for missing it out.
0
 
LVL 61

Expert Comment

by:btan
Maybe this is not of great interest, as I am also thinking of removing the s/w suspected to be causing the issue.

Revo Uninstaller  - http://www.revouninstaller.com/revo_uninstaller_free_download.html
(scans for leftovers of Windows Services, Drivers, File associations, Shell Extensions, COM components, Windows Installer components, program settings etc)
CCleaner - https://www.piriform.com/ccleaner/features
(cleans traces of your online activities such as your Internet history, removes unused and old entries, including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts etc)
0
 

Accepted Solution

by:
pccopilots earned 0 total points
Thanks, but I already use CCleaner on numerous computers regularly. I'm not a big fan of Revo, but I installed it regardless to see if it found anything (which it didn't).

I ended up just performing a Windows repair installation (or in-place upgrade...whatever you prefer to call it), and that has fixed the browsing/DNS issue on the system. Unfortunately, this isn't what I wanted as I really would have liked to figure out the problem, but oh well.

My only reason for having an Experts-Exchange account is to be able to chat with other professionals for strange or in-depth issues I run into (which isn't very often). Since I wasn't able to actually resolve the problem itself, I'm unsure how the moderators would like to handle closing out the case. Please let me know admins/mods.

Thanks,
Justin
0
 

Author Comment

by:pccopilots
Ok, thanks.
0
 

Author Closing Comment

by:pccopilots
The problem itself was never pin-pointed and resolved. I ended up having to perform a repair installation on Windows to fix the problem, which is something I specifically didn't want to do since I still don't know what the cause of the problem was.
0
