I am a technician that works for an institution providing walk-up computer repair (mostly virus removal), and I have had 2 interesting cases that have stumped me.
Here's what is going on:
Our clients have to frequently use an institutional website whose address looks like "xxxxxxx.angellearning.com/default.asp".
Both "interesting case" clients have come in with low level browser hijack infections (Tuvaro, Gorillaprice, Opimizer Pro, Knctr, etc...). Typically we use a combination of AdwCleaner and CCleaner along with some manual actions to resolve these types of infections.
Now the problem that has started happening with these two clients is that post infection cleaning, when the clients attempt to view the "xxxxxxx.angellearning.com/default.asp" site, Chrome downloads "default.asp" instead of displaying it. Every single time.
Chrome will display the page correctly when Windows is loaded in Safe Mode.
The list of cleaning/detection products I have run (hopefully I won't forget any) include:
Kaspersky Rescue CD
Sysinternals ProcessMonitor, Autoruns
Junkware Removal Tool
Adware Removal Tool
Also the applicable tools have been run from outside of Windows (i.e. Kaspersky Rescue).
And after the initial infection was removed, all of the above tools have found NOTHING.
Also also, the Chrome browser has been reinstalled using Revo uninstaller multiple times as well as reset and this problem does not affect any other browsers. The reason that the clients have to use Chrome is due to a browser compatibility issue with the site that they need to access.
Keep in mind that I can only work on these computers as the clients come back. I have one scheduled to come back today and Monday but I am not authorized to keep their devices without their being present.