not able to open any other site than google, youtube and wikipedia, safemode is working well

Starting from today, I am not able to open any other pages than google, youtube and wikipedia, Pages like microsoft , vmware and anyone else is not possible to be opened. And it doesn't matter what browser i use.
I booted in safemode and in safemode everything is working. All pages can be opened without problems.
Could you please tell me what is the issue. Machine is windows server 2016.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Sounds like a DNS problem.

First run dig... er nslookup for Windows... Check to make sure an IP is being returned for DNS resolution + it's the correct IP... so for the return should be...

imac> dig +short a

Open in new window

Any other return means your local DNS caching system requires a bit of work.
dedriAuthor Commented:
Hi David, thanks for help. DNS resolving works. If I start the system in safemode, everything is wokring and all pages are opened. Network settings are the same with safemode and normal mode.
When I start normal mode, I am not able to open any pages than google, youttube
check add ons,

Sounds like you have either a restriction, internet options, content .....
or ..

use hijackthis to see what is going on.
Does it sow up on all profiles on the server, or just one?
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Andrew LeniartSenior EditorCommented:
If I start the system in safemode, everything is wokring and all pages are opened. Network settings are the same with safemode and normal mode.
If a DNS issue has been eliminated, the fact that it works in Safe Mode indicates Malware on the system or a browser add-in gone rouge to me.

1. Disable all Add-Ons / Extensions in your browsers and test - if that resolves, re-enable one at a time until you find the rouge one.

2. Do a full system scan of the system with Malwarebytes Free - allow it to remove everything it finds and see if that resolves it.

Have seen this many times over the years and the two steps above generally resolve the problem.

I hope that's helpful.

Regards, Andrew
dedriAuthor Commented:
no add-ons in the browsers(IE, Chrome).
all users are affected.
In safemode it's working. Could you tell me how to check what is started in normal mode more than safemode and ho to exclude the things one by one.
Andrew LeniartSenior EditorCommented:
Could you tell me how to check what is started in normal mode more than safemode and ho to exclude the things one by one.
You can use Task Manager for this in W10. Just go to the Startup and Services Tabs. That said, I would urge you to try a Malwarebytes scan first. Quick and easy to do.
Andrew LeniartSenior EditorCommented:
Sorry, forgot to answer how to exclude things one by one. Basically, disable everything in the Startup Tab using Task Manager first, reboot and see if problem is repaired. If yes, re-enable things one at a time and keep restarting until the problem recurs. Services are a little more tricky. You need to go through the same process as the startup tab, compare what's running in Normal and Safe Mode and then disable anything running in normal mode that Windows will allow you to disable, and then re-enable one at a time. A tedious procedure to go through though and will not work with Services if a service is affecting the machine yet will not allow itself to be ended while Windows is running in normal mode. Hope all that makes sense? :)
There are many places that can hide malware/viruses such Task scheduler and run(s)(in the registry).
I would Use System Restore to put it back to yesterday, or earlier and then run a full system check with a good anti-malware application, as [previously mentioned. Check the file "hosts"(C:\Windows\System32\drivers\etc) to see if there are some crazy things in there.
Bryant SchaperCommented:
Are you at an office, and behind a firewall?  I have seen odd behavior like this when companies implement SSL decryption to analyze traffic.
run sfc /scannow in an elevated command to make sure the networking part is not being meddled with.
Check internet options to make sure it is not being redirected their as a proxy....

start iexplre -extoff and see if you have a different behavior.

what do you have on the system, end point, mcaffee, etc. content filter?

presumably safe mode with network is how you boot...check services as referenced ...
dedriAuthor Commented:
I run a recommended malware removal software and nothing has been found.
I run sfc /scannow and no problems are detected.
Run in safe mode, web pages is opened there. Check the running services. Start windows in normal mode, Disable the services which are not running in safe mode - no change, web pages are not able to be loaded except the google and youtube.
All browsers have problems.
Check host files, nothing suspicious there.
I still can't open the web pages. Any other suggestions, that I can try
run browser without extensions

what about when fully run (windows key + R)  iexplore -extoff?
same behavior?
check the network adapter properties see which services, components are attached there beyond the IPv4,ipv6,client for microsoft networks, file and printer sharing for microsoft networks, and QoS packet scheduler...

To you have other teeter I think is a Symantec option.....

When in regular mode you are trying to access, what is the status at the bottom of the browser commonly, says? connecting to , make sure it is not saying it is connecting so an IP/host that might reflect it is trying to proxy the request where the three you can access might be exempt from going through a proxy.
Imho,,,, The logic of what you say is happening dictates that the issue is something loading at boot, or logon.
Since the browsers are working in safe mode, they are not the problem.
I would look through Task scheduler for things that run at boot, and at login. Many people don't realize there are 'logon' tasks.
run msconfig on the services tag, put a check in "Hide all Microsoft services" and look carefully through all of them, or disable them all.
On the startup tab, look through them all, disabling anything you are not 100% sure of, or disable them all.
Also check your antivirus to see if it has a firewall in it.
dedriAuthor Commented:
I use autorun from sysinternals. Only services that runs except the microsoft are vmware tools services  installed. I disabled them and the problem is the same.
Also I disabled all scheduled task. Again the same problem.
dedriAuthor Commented:
not able to fix the issue.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.