Help?

[Suppressed]

I'm seeing some odd behavior when I try to access the Hotmail website from my home desktop (wired connection to the Internet gateway [cable modem/router]), and I'm hoping someone can help.

I'm using Google Chrome.  For the past several days, the hotmail/outlook/live.com website can't be accessed, though sometimes several hours later or the next day, it will work for a period of time before becoming inaccessible.  This is the only website I have trouble with.   

When I try using Internet Explorer to go to "hotmail.com", it gets to the initial page (https://outlook.live.com/owa/), but won't connect to the sign in screen when I click "Sign in".  (So I'm guessing the real problem is with "login.live.com".)

When I use my phone (connected wirelessly to the same gateway [cable modem/router] device) it accesses fine.

When I try to connect from my work office, it connects fine.

I've tried disabling all "Shields" on my Avast! antivirus and connecting, but it doesn't seem to affect anything.  I don't see any relevant entries in HOSTS.   And I'm feeling really old because I can't think of what else to check.  Antivirus scan finds nothing.



Error msg:

This site can’t be reached
login.live.com took too long to respond.
Try:

Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_TIMED_OUT

Thoughts?

And.. Thanks in Advance!!

[Wingnut]

That happens on one computer that I have that is running Vista. 

[Cyber Liberty]

That happens on one computer that I have that is running Vista.

Vista?  Nuke it from orbit, it's the only way to be sure.

[XenaLee]

I'm seeing some odd behavior when I try to access the Hotmail website from my home desktop (wired connection to the Internet gateway [cable modem/router]), and I'm hoping someone can help.

I'm using Google Chrome.  For the past several days, the hotmail/outlook/live.com website can't be accessed, though sometimes several hours later or the next day, it will work for a period of time before becoming inaccessible.  This is the only website I have trouble with.   

When I try using Internet Explorer to go to "hotmail.com", it gets to the initial page (https://outlook.live.com/owa/), but won't connect to the sign in screen when I click "Sign in".  (So I'm guessing the real problem is with "login.live.com".)

When I use my phone (connected wirelessly to the same gateway [cable modem/router] device) it accesses fine.

When I try to connect from my work office, it connects fine.

I've tried disabling all "Shields" on my Avast! antivirus and connecting, but it doesn't seem to affect anything.  I don't see any relevant entries in HOSTS.   And I'm feeling really old because I can't think of what else to check.  Antivirus scan finds nothing.



Error msg:

Thoughts?

And.. Thanks in Advance!!

Whenever I have an issue on the pc, I plug in my problem and search for answers on various forums.  Usually, somebody has the fix.  You might try this site's suggestions...

https://www.problogbooster.com/2015/03/fix-this-site-cannot-be-reached-err-connection-timed-out-reset-chrome-windows-error-dns-address-not-found-lookup-failure-localhost-refused-to-connect-solved.html

and if no joy there, one of these sites' suggestions might help.

https://www.bing.com/search?q=This+site+can%E2%80%99t+be+reached+login.live.com+took+too+long+to+respond.&qs=n&form=CHRDEF&pc=U316&sp=-1&pq=this+site+can%E2%80%99t+be+reached+login.live.com+took+too+long+to+respond.&sc=0-67&sk=&cvid=22E14AAD7B784CCC820745983960C1A6

[XenaLee]

Vista?  Nuke it from orbit, it's the only way to be sure.

Better yet, upgrade to Windows 7.  Can find it pretty cheap online now.

[Wingnut]

Vista?  Nuke it from orbit, it's the only way to be sure.

I know.  Chrome is not supported. Firefox gave up on it.  IE Explorer opens with a blue screen. Avast laughs at it and wont update!   I only keep it because it has all the MS Office Professional on it

[Suppressed]

Whenever I have an issue on the pc, I plug in my problem and search for answers on various forums.  Usually, somebody has the fix.  You might try this site's suggestions...

Thanks, @XenaLee!  I did do a search and tried what was suggested on a few sites, and it came back...temporarily. With the problem disappearing and reappearing a couple of times, I think it was just a coincidence.

I'm thinking my IP Address might be getting flagged by microsoft, and then unbanned...?  Just one more hypothesis that I don't know how to check.

At least I run Win 7!

[Frank Cannon]

That happens on one computer that I have that is running Vista.

Vista? Do you hop in your DeLorean and hit 88mph to go back and use it?

[InHeavenThereIsNoBeer]

Thanks, @XenaLee!  I did do a search and tried what was suggested on a few sites, and it came back...temporarily. With the problem disappearing and reappearing a couple of times, I think it was just a coincidence.

I'm thinking my IP Address might be getting flagged by microsoft, and then unbanned...?  Just one more hypothesis that I don't know how to check.

At least I run Win 7!

If it works fine from your phone but not your PC, both going through your home router, I doubt it's M$ flagging your IP, since they will see the same IP either way (the IP of your router).

While it's trying, but before it fails, run this in a command prompt:

netstat -an | find "SYN"

And post the results.

I'd also try a different browser and see if it works consistently.

Looking at the hosts file was a good idea.  I'd also check the network settings to see if the DNS server is set to something specific.  And, since both applications and the OS often cache DNS entries, if you're getting bad info from somewhere that may explain why the problem comes and goes.  I don't do chrome, so I can't speak to the correctness of the following (though I know the ipconfig /flushdns is totally safe), but...

https://superuser.com/questions/203674/how-to-clear-flush-the-dns-cache-in-google-chrome

[Wingnut]

Vista? Do you hop in your DeLorean and hit 88mph to go back and use it?

That's heavy.

[ConstitutionRose]

Try uninstalling chrome, reboot and reinstall from the website.  There is no fixing chrome as such.  Altho if it is happening on multiple browsers it's more likely systemic.  Are your NIC drivers up to date.  Try reinstalling them.  I think someone has already suggested resetting the IP stack.  I've been doing desktop and server support since the early 80's and Vista is the worst.  It is most likely operating system corruption.  Were it a different OS, I would suggest a refresh, but it's truly hard to see the return on that kind of time investment for Vista.

[Wingnut]

Try uninstalling chrome, reboot and reinstall from the website.  There is no fixing chrome as such.  Altho if it is happening on multiple browsers it's more likely systemic.  Are your NIC drivers up to date.  Try reinstalling them.  I think someone has already suggested resetting the IP stack.  I've been doing desktop and server support since the early 80's and Vista is the worst.  It is most likely operating system corruption.  Were it a different OS, I would suggest a refresh, but it's truly hard to see the return on that kind of time investment for Vista.

Thanks.  But I don't care about it.  If I need to read an email I just fire up the other desktop in the room. It is a Dell that runs Windows XP Professional. 

[Elderberry]

I know.  Chrome is not supported. Firefox gave up on it.  IE Explorer opens with a blue screen. Avast laughs at it and wont update!   I only keep it because it has all the MS Office Professional on it

Have you tried Brave?

[Wingnut]

Have you tried Brave?

I'm still  using Vista...I must be brave, right!   

[Elderberry]

I'm still  using Vista...I must be brave, right!   

Step up and be Xtra Brave. https://brave.com/

[Wingnut]

Step up and be Xtra Brave. https://brave.com/

I'll check it out.  thx.

[Suppressed]

netstat -an | find "SYN"

And post the results.

@InHeavenThereIsNoBeer

It gives me nothing.  I mean, it just goes to the next prompt.

I installed Brave, and it behaves the same as IE...it sits and spins when I click the link to the signon page.

[InHeavenThereIsNoBeer]

@InHeavenThereIsNoBeer

It gives me nothing.  I mean, it just goes to the next prompt.

I installed Brave, and it behaves the same as IE...it sits and spins when I click the link to the signon page.

Okay, so much for the easy stuff.  Probably.  I've never been a windows guy, and haven't touched it in a few years, so maybe I got the syntax wrong.  While it's "spinning", try just 'netstat -an' (I know that part is right) and look for anything that says 'SYN' just to be sure.

That would tell us if it was having trouble setting up the initial connection.  Other possibilities are that it can't find the IP for login.live.com in the first place, or it is making the connection and something is goofed up after that.  I'd try a combination of

netstat -an | find "443"

and

netstat -a | find "live"

preferably on both working and non-working machines.  You need to do this pretty quickly after connecting.

On a working machine, you should see the same connection listed in each, one with login.live.com and one with the IP it is using.

[InHeavenThereIsNoBeer]

Actually, getting the output of those two commands from the "broken" machine, both when it is working and when it is not, might be even more useful.

Also, while thinking about this I came up with an idea for a virus.  I'm not sure it's even realistic, but I'd change your email password and not login from the broken machine until you get this worked out (okay, maybe once to gather the above info, but then login and change it again from a working machine).

[Suppressed]

Actually, getting the output of those two commands from the "broken" machine, both when it is working and when it is not, might be even more useful.

Also, while thinking about this I came up with an idea for a virus.  I'm not sure it's even realistic, but I'd change your email password and not login from the broken machine until you get this worked out (okay, maybe once to gather the above info, but then login and change it again from a working machine).

@InHeavenThereIsNoBeer

I think that's it.  I recall getting notification a few days before this started that my account has been compromised, and I changed the password.  I'll do it again from work computer tomorrow.
I'm running boot-level Avast! scan all night with heuristics set high. But before that I discovered that it seems like microsoft.com is also blocked. 
I put in Google DNS servers to no avail, and oddly, tracer login.live.com had timeout hops. Not sure what it all means and how to fix it.

[DB]

What are you using for your DNS service in your router?

I recommend using Googles 8.8.8.8 and 8.8.4.4. Its fast and filters out most unsafe addresses. The down side is I'm sure Google tracks you via your DNS accesses. There's also Open DNS that I used for years but it goes down from time to time.

[DB]

@InHeavenThereIsNoBeer

I think that's it.  I recall getting notification a few days before this started that my account has been compromised, and I changed the password.  I'll do it again from work computer tomorrow.
I'm running boot-level Avast! scan all night with heuristics set high. But before that I discovered that it seems like microsoft.com is also blocked. 
I put in Google DNS servers to no avail, and oddly, tracer login.live.com had timeout hops. Not sure what it all means and how to fix it.

If you changed your password via a link from an Email that your account has been compromised - you may have done the compromising yourself... That's how they phish you. Never use a link in an Email to do something like that. Hopefully you didn't.

[Elderberry]

If you changed your password via a link from an Email that your account has been compromised - you may have done the compromising yourself... That's how they phish you. Never use a link in an Email to do something like that. Hopefully you didn't.

Dang it! You beat me to it! Always be leery of pop ups or emails that appear to be too helpful in that they say your machine has a problem and they can fix you up.  And get in the habit of hovering your cursor over links and read the link to discern where you are actually going.

[InHeavenThereIsNoBeer]

@InHeavenThereIsNoBeer

I think that's it.  I recall getting notification a few days before this started that my account has been compromised, and I changed the password.  I'll do it again from work computer tomorrow.
I'm running boot-level Avast! scan all night with heuristics set high. But before that I discovered that it seems like microsoft.com is also blocked. 
I put in Google DNS servers to no avail, and oddly, tracer login.live.com had timeout hops. Not sure what it all means and how to fix it.

There's nothing wrong with traceroute not reporting every hop.  Some network admins disable the response it needs to function.

Google DNS is one of the things I was considering recommended depending on the netstat output (of course, if this is a virus netstat could be corrupt, too).

This is old, but...

https://community.norton.com/en/forums/fake-email-microsoft-account-team-watch-out

[DB]

Did this get resolved?

[Elderberry]

I

[Suppressed]

@InHeavenThereIsNoBeer
@DB
@Elderberry


SHOOT!  I'm seeing now that my previous reply, laboriously typed out on my phone, didn't post!  GRRR...I wasn't trying to ignore anybody...


As I recall, my points/questions were:

1) What am I looking for, with the netstat -an | find "443" and netstat -a | find "live"?   I had LONG lists on the first, as I had 350+ tabs open in Google Chrome (yes, I mean it...).   I have been trying to get an old laptop running, to run it on a working computer.  Should I be running those while it "sits and spins" looking for the site?  Should I pipe them to a .txt file and post the results here (uh, it contains my IPv6 address)?

2)  I don't think I infected myself, as I thought I just waited to go to my work computer and then changed it there (without clicking anything).  Then again, I've been working to the point of literal exhaustion lately, and I'm not going to trust anything I did.  So perhaps I did do something stupid.  (We always think we won't be stupid enough to be phished . . .  )  Right now, I can't check the alert e-mail I got to even see whether it's a phishing e-mail because I can't get to my e-mail on my desktop!  The funny thing is, viewing the e-mail on my phone doesn't show any link I'd have clicked...but... I'm going to operate on the assumption I was stupid and just mis-remember what I did.  The circumstantial evidence sure seem to point that way! 

3) I've followed the steps here: https://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide// after my Avast! didn't find anything.  I still think the most likely scenario is malware, though. 

4) If the malware is gone, there still seems to be somewhere it's intercepting (or trying to) my attempt to get to microsoft.com or login.live.com (and maybe others).  I guess even if I've removed the malware, I need to get that back.

5) If I do a "repair" with my original Windows 7 disk, will that likely patch up any problems the malware caused (opening ports or whatever)?



I'm a terribly disorganized person, and I'd really like to avoid having to reinstall everything.  But is that what I have to do?

Thank you SO much!

[InHeavenThereIsNoBeer]

@Suppressed

I can speak to #1.

Each TCP connection uses a source IP, source port, destination IP, and destination port.  You might think of the IP as a phone number, and the port as an extension (but in TCP we use extensions on both sides).  netstat shows us these connections, along with the state that they are in (generally, ESTABLISHED or CLOSE_WAIT for a good connection, SYN_something for a connection that is hung in the initial setup).

Here's an example of a connection I have open (using different port because it's a different protocol, and not on MS so the syntax is a little different).

hawkeye$ netstat -an | grep :22
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN     
tcp        0      0 172.30.219.103:45151        172.30.219.110:22           ESTABLISHED
tcp        0      0 :::22                       :::*                        LISTEN

hawkeye$ netstat -a | grep wolverine
tcp        0      0 hawkeye:lds-distrib         wolverine:56510             ESTABLISHED
tcp        0      0 hawkeye:nfs                 wolverine:rndc              ESTABLISHED
tcp        0      0 hawkeye:mysql               wolverine:52692             ESTABLISHED
tcp        0      0 hawkeye:lds-distrib         wolverine:56508             ESTABLISHED
tcp        0      0 hawkeye:mysql               wolverine:52690             ESTABLISHED
tcp        0      0 hawkeye:45151               wolverine:ssh               ESTABLISHED

Okay, first thing to note is I added a colon before the 22.  I don't need to see every line with a 22 in it.  I could even use ":22 " to cut it down further if necessary.

netstat with -n shows me only numbers, while w/o it it looks up the hostnames associated with the IP address and port if available.

Looking at the two lines that have the same source port, 45151, I can see that the connection is established.  I can also tell what addresses it is using.  The latter will provide a clue if the address doesn't "look right".  From there, we would use other tools to determine if DNS is providing the correct information, or if something like a virus is bypassing that information to try to trick you into providing your login info on a site that looks a lot like hotmail/microsoft. 

You want to run these while it is spinning.  If the connection is http/https and sucessful, it's going to stay open a very short time after you load a page so you have to be quick.

There shouldn't be anything wrong with posting your IP, because that IP should be one that is only available inside your house/work/etc.  But if you want to dump it to a file and search and replace, go for it.  As long as you're not seeing anything when you look for "SYN", we should never need to care what your local IP is, only what you are trying to connect to.

[Suppressed]

Each TCP connection uses a source IP, source port, destination IP, and destination port.  You might think of the IP as a phone number, and the port as an extension (but in TCP we use extensions on both sides).  netstat shows us these connections, along with the state that they are in (generally, ESTABLISHED or CLOSE_WAIT for a good connection, SYN_something for a connection that is hung in the initial setup).

When I ran   netstat -an | find "live",  nothing was returned.

When I ran   netstat -an | find "443",  I got several.  I'm private messaging that listing to you.

netstat with -n shows me only numbers, while w/o it it looks up the hostnames associated with the IP address and port if available.

I tried running   netstat - a > netstat.txt and I don't see anything that looks obviously like a microsoft/live.com address.

Looking at the two lines that have the same source port, 45151, I can see that the connection is established.  I can also tell what addresses it is using.  The latter will provide a clue if the address doesn't "look right".  From there, we would use other tools to determine if DNS is providing the correct information, or if something like a virus is bypassing that information to try to trick you into providing your login info on a site that looks a lot like hotmail/microsoft.

At no time did I see it redirect me to a false login, but this is the one site that my browser was saving the password of (since I clicked that by mistake...it's my policy to never let sites nor browsers save my password).  My antivirus might have been preventing redirects, and my antimalware efforts since this started might have broken some chain. 

I'm still set up with the Google DNS servers (assuming I did it properly), but am I right in guessing that it looks like some intercept that's not even having it go to live.com?

[Restored]

I found that old versions of OS don't handle new versions of media very well. It could be Flash or some other software. I find this is particularly true of old versions of Linux.
You have to clear caches, cookies and such. Perhaps clear the Java cache. If you are running a really old version of Java, you might be SOL.

[InHeavenThereIsNoBeer]

So, netstat -a isn't going to help.  It appears MS doesn't provide "reverse DNS" (IP to hostname) for addresses associated with live.com.

There are a few things I might look at next.

1)  Check to see what DNS returns for login.live.com (though a virus could also screw with the command to hide its presence).  In my case, I see that when I query the IP for login.live.com, it gives me back three IPs I can try.  They tend to use the same few addresses (not always in the same order) for a few minutes, then use a different set for a few minutes.  That's okay, they do that to try to spread the load over multiple IPs.  What I've noticed is that they all start with 131.253.61 and end with an even number. 

hawkeye$ nslookup login.live.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
login.live.com  canonical name = login.msa.akadns6.net.
login.msa.akadns6.net   canonical name = vs.login.msa.akadns6.net.
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.102
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.96
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.98

hawkeye$ nslookup login.live.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
login.live.com  canonical name = login.msa.akadns6.net.
login.msa.akadns6.net   canonical name = vs.login.msa.akadns6.net.
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.96
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.98
Name:   vs.login.msa.akadns6.net
Address: 131.253.61.102

If I run nslookup and then quickly connect (just connect, not login) to login.live.com in my browser and run netstat:

hawkeye$ netstat -an | grep  131.253.61
tcp        0      0 172.30.219.103:37328        131.253.61.98:443           ESTABLISHED

I've only been looking at this approach for a short time.  For all I know they might use a completely different IP range on Monday.  But if you compare the results of the above between working and non-working machines, or better yet the busted machine when it works and when it doesn't, you might see a pattern emerge.

2)  If that doesn't provide any clues, another thing to look at is what changes in the netstat -an | find ":443 " output when you try to connect to login.live.com.  Run nslookup, netstat saved to file1, connect to login.live.com, netstat saved to file2, then compare file1 and file2.  You should see a new connection in the IP range returned by nslookup.  If you consistently see something different, particularly a new connection to somewhere else, that's a clue (with the caveat that if you have another tab open with a page set to auto-refresh you may see false positives).

3) Do the nslookup.  Pick one of those IPs and connect to it using https.  When I try this in firefox, I get a certificate error (that's good), I click 'advanced', unclick 'permanent', and click 'confirm' and I get the login screen and netstat shows a connection to the IP I put in the browser.

[roamer_1]

@Suppressed

Update subsystems.
Make sure Flash, java, and especially Silverlight (as this is an MS site problem) are latest version.

You have eliminated browser level issues - Since the problem persists in Chrome, but also exists in IE and newly added Brave (which IIRC is a Moz fork) It is not a browser issue, except for eliminating saved pwds in case the saved pwd is the issue.

DLD and use Piriform's CCLeaner (free)

After install, run the cleaner interface with it's normal settings. This will perform a cache dump for dang near every temp cache on your machine with one push of a button... to include temp files and emptying the trash.

This is to eliminate any outdated forms preferred as cached, and force the machine to dld new forms and etc.

**Note If you intend to keep CCleaner onboard, there are some setup issues to address, having to do with shutting off it's TSR, and whatnot... remind me and I can help with that

You have expressed some discomfort with the idea that Avira is keeping you clean... DLD and install, and maintain EmsiSoft's EEK . It DOES NOT run TSR. IT IS NOT a realtime scanner. It is an on-demand scanner ONLY. But it is a very good cleanup engine that will install to the root of your system drive, can be manually updated, and works very very well as a secondary to assure the efficacy of your primary. Emsisoft is the continuation of the old FourSquare trojan hunter, and is excellent. Perform a full scan, normal settings.

All things tried, and no joy, only three things remain:
1. Hosts file has a redirect which is interfering with proper address. POSSIBLE

2. LSP level malfunction - Unlikely but possible... can be a bugger to fix, fix can cause worse problems, so let's figger 'not' for now.

3*** Server-side malfunction is denying the specific machine as a trusted device. This is LIKELY. Log into your MS account, get into security, and remove all trusted devices. This will require all your devices to be reestablished as 'trusted' but will eliminate any duplicates that might be causing denial.

[Suppressed]

Update subsystems.
Make sure Flash, java, and especially Silverlight (as this is an MS site problem) are latest version.

You have eliminated browser level issues - Since the problem persists in Chrome, but also exists in IE and newly added Brave (which IIRC is a Moz fork) It is not a browser issue, except for eliminating saved pwds in case the saved pwd is the issue.

@roamer_1

Okay.  I didn't have Java installed, so I just installed it.  I'll update Flash and Silverlight. 

DLD and use Piriform's CCLeaner (free)

Oops...forgot to mention that I'm a paid user of CCleaner Pro, and recently that also stopped working (perhaps knocked out by the malware?).  I reinstalled the latest version.

After install, run the cleaner interface with it's normal settings. This will perform a cache dump for dang near every temp cache on your machine with one push of a button... to include temp files and emptying the trash.

I've run it without deleting cookies.  I suppose I should go back and delete them?

**Note If you intend to keep CCleaner onboard, there are some setup issues to address, having to do with shutting off it's TSR, and whatnot... remind me and I can help with that

I'd appreciate that.  It was the TSR that was giving me the warning that it wasn't working anymore, I think, so are you saying I should just somehow set it to scan and then not stay resident? 

You have expressed some discomfort with the idea that Avira is keeping you clean... DLD and install, and maintain EmsiSoft's EEK . It DOES NOT run TSR. IT IS NOT a realtime scanner. It is an on-demand scanner ONLY. But it is a very good cleanup engine that will install to the root of your system drive, can be manually updated, and works very very well as a secondary to assure the efficacy of your primary. Emsisoft is the continuation of the old FourSquare trojan hunter, and is excellent. Perform a full scan, normal settings.

Actually, I'm using "Avast!" and it was probably doing its job.  Just talked with a friend who mentioned how out of it I was a few weeks ago, so more and more I'm suspecting I was dumb and just don't remember it.  BUT...it sounds like running that might be a good idea.

All things tried, and no joy, only three things remain:
1. Hosts file has a redirect which is interfering with proper address. POSSIBLE

Checked my Hosts.txt file and it appears to just have a blacklist, with nothing new at the end and a search for "live" doesn't show anything (other than as part of a blacklisted site name).   

2. LSP level malfunction - Unlikely but possible... can be a bugger to fix, fix can cause worse problems, so let's figger 'not' for now.

Okay.  That's the first part of the thread that I've really not known anything at all about. 

3*** Server-side malfunction is denying the specific machine as a trusted device. This is LIKELY. Log into your MS account, get into security, and remove all trusted devices. This will require all your devices to be reestablished as 'trusted' but will eliminate any duplicates that might be causing denial.

Okay...I'll try that tomorrow when I'm in my (work) office.

Thanks!

[roamer_1]

@Suppressed

Addendum:
Reset router to eliminate any chance the router has decided to deny the traffic from that machine to that site.

Does the machine connect by wire or air?
if timeout is an issue, is it latency over air? I know this sounds dumb, but a buddy of mine moved his fridge, and wrecked his connection to a machine in the basement... drove me nuts figuring that out...

Anyway, if you have a usb wireless nic laying around, a temporary alternate net connection might be fun.

[Suppressed]

@Suppressed

Addendum:
Reset router to eliminate any chance the router has decided to deny the traffic from that machine to that site.

Does the machine connect by wire or air?
if timeout is an issue, is it latency over air? I know this sounds dumb, but a buddy of mine moved his fridge, and wrecked his connection to a machine in the basement... drove me nuts figuring that out...

Anyway, if you have a usb wireless nic laying around, a temporary alternate net connection might be fun.

I'm using the Comcast-supplied gateway with a direct wired account. 

I know, I know...a long step down from when I used to use a DD-WRT hacked firmware router to unleash the full commercial capabilities on my consumer-model router (that were nerfed purely by the firmware).  But tech abilities evaporate with time and age, and I now can barely get around.  So rather than fight Comcast on bridge mode and have them say it was my router whenever I have a problem, I've stuck with their equipment.

I had Comcast send a reset signal early on with this issue.

No USB wireless NIC laying around here, unfortunately.  Something like this?  https://www.amazon.com/gp/product/B01CCMUN8C  (Should I Amazon Prime it?)

[Gefn]

I hate my iPhone, in two weeks I’ve gone through four of em. Two of em had exploded batteries and two of em just didn’t work.

I’m currently on the 5th. Fingers crossed. Thank heaven for Apple care.

all were on the house.

[roamer_1]

Okay.  I didn't have Java installed, so I just installed it.  I'll update Flash and Silverlight. 

@Suppressed
OK... I hate java. And I don't like running it anymore. But especially with site specific problems, it is good to have it onboard. All it takes is a server-side issue and some dork programmer is having troubles, and falls back to a java workaround. So yeah. Keep it on till resolved, and remove it at your leisure as desired. Some folks do fine without it... I still need it around where I go...

Oops...forgot to mention that I'm a paid user of CCleaner Pro, and recently that also stopped working (perhaps knocked out by the malware?).  I reinstalled the latest version.

I've run it without deleting cookies.  I suppose I should go back and delete them?

YES. Can't trust that anything is valid, and it may be nothing more than a malformed cookie causing your whole problem...

I'd appreciate that.  It was the TSR that was giving me the warning that it wasn't working anymore, I think, so are you saying I should just somehow set it to scan and then not stay resident?

Sidebar=>Option: Inner Sidebar=>Monitoring: Shut it all off.
It will no longer be resident, and you will have to have the fortitude to fire it up and manually run it now and then...  I have a once a week thing I do... a nice cup of tea, and manual machine maintenance... It's a groovy time. There is a peace in it 

Sidebar=>Option: Inner Sidebar=>Cookies: Nothing in 'Cookies to Keep'
I prefer to nuke and pave cookies every time. It confounds tracking, and prevents malformed cookie problems which can cause problems like you are having now. :)


 

Okay.  That's the first part of the thread that I've really not known anything at all about.

LSP is a network layer... Normally, if it is messed up, it borks everything. But it also can just do weird stuff on occasion. That only ONE site is continually pissed off is pretty unlikely... Which is why I am not very confident in that being your problem. But it may be more than one site, and you are simply not noticing the others, so it cannot be precisely eliminated. But pretty unlikely.

Thanks!

[roamer_1]

No USB wireless NIC laying around here, unfortunately.  Something like this?  https://www.amazon.com/gp/product/B01CCMUN8C  (Should I Amazon Prime it?)

@Suppressed
You never answered wire vs. air... If it is wired, hardware is less likely...

Worth considering, but you would be having an overall speed and latency problem, with this particular site being longer returning than most (not unheard of, being MS...) thus presenting as a symptom of a larger issue...

But if you are not having problems any other-where,  Hard to believe. So no, not worth all the trouble without proving an overall timeout/latency issue exists.

If the box can be easily removed to another location (offsite) and the problem persists, that immediately eliminates everything in your home environment as being causal.

[Suppressed]

@Suppressed
You never answered wire vs. air... If it is wired, hardware is less likely...

Oops... by "I'm using the Comcast-supplied gateway with a direct wired account." I meant that the gateway was wired to my desktop, not that the account was wired. 

Worth considering, but you would be having an overall speed and latency problem, with this particular site being longer returning than most (not unheard of, being MS...) thus presenting as a symptom of a larger issue...

But if you are not having problems any other-where,  Hard to believe. So no, not worth all the trouble without proving an overall timeout/latency issue exists.

Well, there are occasional oddball behaviors at other accounts, but I'm not sure that they're related.  For example, I've not been able to login to my CDbaby.com account, though I might be getting password wrong, so I tried to request a password reset link multiple times and it hasn't arrived (to a yahoo account, not my hotmail one).  As a login issue, maybe that's related...or maybe it's just problems on their end. 

If the box can be easily removed to another location (offsite) and the problem persists, that immediately eliminates everything in your home environment as being causal.

It's going to be difficult to remove offsite, as it's a full (server) form desktop, but I could ask my buddy if I could make a visit sometime this week with it.  I also just placed the order for USB wireless adapter to see if I can leech someone else's signal with my gateway unplugged. 

[Suppressed]

I hate my iPhone, in two weeks I’ve gone through four of em. Two of em had exploded batteries and two of em just didn’t work.

I’m currently on the 5th. Fingers crossed. Thank heaven for Apple care.

all were on the house.

Wow...what model is that?!

[roamer_1]

Oops... by "I'm using the Comcast-supplied gateway with a direct wired account." I meant that the gateway was wired to my desktop, not that the account was wired. 

@Suppressed
Not much to go wrong there.... Modem, patch cable, NIC.

Well, there are occasional oddball behaviors at other accounts, but I'm not sure that they're related.  For example, I've not been able to login to my CDbaby.com account, though I might be getting password wrong, so I tried to request a password reset link multiple times and it hasn't arrived (to a yahoo account, not my hotmail one).  As a login issue, maybe that's related...or maybe it's just problems on their end. 

Sounds pretty incidental. If you are getting decent returns from your favorite speedtest site, and not experiencing ALOT of packet drops on pings, I doubt it is going to be that.

I am betting on server-side, and eliminating your trusted devices as being the culprit... Or something messed up with another MS service like OneDrive or something along those lines.

It's going to be difficult to remove offsite, as it's a full (server) form desktop, but I could ask my buddy if I could make a visit sometime this week with it. 

Worth doing if else fails - This is a process of elimination, so anything that can be eliminated is worthwhile...

I also just placed the order for USB wireless adapter to see if I can leech someone else's signal with my gateway unplugged. 

I dunno what you're talking about 
But a USB nic is a handy thing to have around   

I use em here all the time... I have a hacked down miniWin I boot into guest machines to get them into my network for file transfers... I had to specifically hack in the drivers for my USB nics because who knows which drivers are in any box? So I have USB2Wireless and USB2Wire adapters to make the miniwin functional for that purpose...

Which brings another thought... Howabout booting a Linux Live disk into the machine ... Or a WinPE with net support, which I doubt you'd have, but you surprise me all the time :D... That eliminates the host OS if the problem persists...

Barring environmental and hardware issues (which seems unlikely) that would almost certainly point to Server-side, as only the IP and mac-addy would remain from the original host transmission...

[Suppressed]

Sounds pretty incidental. If you are getting decent returns from your favorite speedtest site, and not experiencing ALOT of packet drops on pings, I doubt it is going to be that.

Forgot to stop streaming a YouTube video and speedtest.net gave me
 PING 14 ms   DOWNLOAD 297.31 Mbps   UPLOAD 12.06 Mbps 
Best I've ever gotten. 

I am betting on server-side, and eliminating your trusted devices as being the culprit... Or something messed up with another MS service like OneDrive or something along those lines.

Just realized, I'm not sure how to eliminate trusted devices once I get into my work machine.   

But a USB nic is a handy thing to have around   

Cheers!   

I use em here all the time... I have a hacked down miniWin I boot into guest machines to get them into my network for file transfers... I had to specifically hack in the drivers for my USB nics because who knows which drivers are in any box? So I have USB2Wireless and USB2Wire adapters to make the miniwin functional for that purpose...

 

I'll have to remember to keep track of the drivers.

Which brings another thought... Howabout booting a Linux Live disk into the machine ... Or a WinPE with net support, which I doubt you'd have, but you surprise me all the time :D... That eliminates the host OS if the problem persists...

HA!

I actually have a Linux SystemRescueCD but not a WinPE one.  I've never actually booted it. and I can download and burn and .iso for an updated one.  Unless the WinPE with net support would be better/easier to figure out how to get and burn...?

Gonna try booting from that SystemRestoreCD to see whether it gives me some sort of browser option.  Or perhaps find another installation that would.

as always...Thanks!

[Gefn]

Wow...what model is that?!

iPhone 6 s plus. Pink

[roamer_1]

Forgot to stop streaming a YouTube video and speedtest.net gave me
 PING 14 ms   DOWNLOAD 297.31 Mbps   UPLOAD 12.06 Mbps 
Best I've ever gotten. 

@Suppressed
You're hardware/connection is fine.

Just realized, I'm not sure how to eliminate trusted devices once I get into my work machine.   

Log into your account, get into settings, find security, and it's right in there.

HA!

I actually have a Linux SystemRescueCD but not a WinPE one.  I've never actually booted it. and I can download and burn and .iso for an updated one.  Unless the WinPE with net support would be better/easier to figure out how to get and burn...?

Gonna try booting from that SystemRestoreCD to see whether it gives me some sort of browser option.  Or perhaps find another installation that would.

as always...Thanks!

I just use a Mint Live Installation disk... or Ubuntu... because I have them around... They boot live from CD or thumb and have full access to the OS... Just like if it were installed. Just don't poke the 'install' button.

I can recommend Knoppix too - I used that for years - It is geared more for rescue than installation, but you will have great NIC detection, and full desktop/browser.

WinPE is great if you can find one. But it is complicated building one from scratch. And they suck for getting network. Certainly not worth doing just for this project...

But if you are looking for something to do, and need a whole bunch of coasters, I can recommend WinBuilder as a decent method for building a custom bootable miniwin. Seriously though... It is a major project.

[Suppressed]

Log into your account, get into settings, find security, and it's right in there.

Thanks!  I'll let you know how it goes.

But if you are looking for something to do, and need a whole bunch of coasters, I can recommend WinBuilder as a decent method for building a custom bootable miniwin. Seriously though... It is a major project.

   No thanks!

[Suppressed]

Update on my activities:

I figured out where they moved the "eliminate trusted devices" setting (it's under Enable Two-step Authentication" or whatever, and did it from work...but still no luck.


I'm gonna try to figure out which Linux iso I need to burn a Live version.  Ubuntu was taking too long, so I downloaded the "Cinnamon" iso from here: https://www.linuxmint.com/download.php  (Is that what I need?)  I burned it to a DVD, and will try it out after hitting Post on this message.

[roamer_1]

Update on my activities:

I figured out where they moved the "eliminate trusted devices" setting (it's under Enable Two-step Authentication" or whatever, and did it from work...but still no luck.

@Suppressed
 

I'm gonna try to figure out which Linux iso I need to burn a Live version.  Ubuntu was taking too long, so I downloaded the "Cinnamon" iso from here: https://www.linuxmint.com/download.php  (Is that what I need?)  I burned it to a DVD, and will try it out after hitting Post on this message.

Yep. that'll do... Change the boot sequence to see the thumb or DVD before the hdd, stuff it in and reboot...

Firefox is onboard... if it sees your nic, you'll be golden...
DO NOT mash on the install button.

[Suppressed]

Firefox is onboard... if it sees your nic, you'll be golden...
DO NOT mash on the install button.

Firefox via Mint got me right through the login at login.live.com. 

Should I put my Windows install disk in and see if it will do a repair, or what?

[roamer_1]

Firefox via Mint got me right through the login at login.live.com. 

Should I put my Windows install disk in and see if it will do a repair, or what?

@Suppressed
Then it is definitely within the OS, all else is eliminated.
It is not in the networking, as there is nowhere to blacklist sites other than the firewall and the HOSTS - Both already confirmed to be ok

Brings me back around to AV, script blockers, adblockers, or some sort of hijacker. Whatever that could be must be over all browsers, or was imported into each.

Here is another thing to try - make another (temporary) user, and try to log in through that... If you can log in though that, then all you have to do is back your data, kill off your real user (deleting files), reboot, and rebuild the user... Probably quicker and better than an overlay install...

If you cannot login through that, then it would seem to me you have a critter, or it has to be AV, or some other overreaching thing.

[DB]

Firefox via Mint got me right through the login at login.live.com. 

Should I put my Windows install disk in and see if it will do a repair, or what?

I've not been following this so forgive me if I ask/say something redundant... Did you backup your computer at all? Do you have any backups you can restore from prior to it going bad? Unless you can identify what caused your problem so you can remove it you won't know for certain if you got rid of it and your computer is really secure. You can copy all your pictures, documents, music, etc off your computer and then scan it all with something reliable to make sure it is clean. Drives are cheap, you can buy a new one and start over while keeping your original drive intact (but not connected to the computer). Yes it really sucks... But if your computer is compromised and you don't know by what your options are pretty limited if you want any certainty it is secure again.