Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Why do I have 8 connections using Google Chrome when it was not opened or default browser?

Posted on 2015-01-12
9
Medium Priority
?
978 Views
Last Modified: 2015-01-29
Question: Why am I seeing 8 instances of chrome.exe  even though I did not open Chrome or specify it as my default browser?

The following are the image command lines for the 8 instances followed by netstat of the 8 chrome.exe process instances and finally my current version information for  Google Chrome
as pulled  via URL chrome://version
Please note I have installed the developer plugin for GWT(Google Web Toolkit)  Still I am trying to understand if these instaces are Google's doing or some 3rd party maybe eclipse.org,
appache.org  etc...

Here is the list of command lines: note to track the 8 pids of command lines I kept track of the current ((PID)) as displayed below:

1. ((6008))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

2. (5312)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6008.0.167718706\228420465" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,17,38 --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.2932 --ignored=" --type=renderer " /prefetch:822062411

3. ((1048))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.2.1442307980\889199543" /prefetch:673131151

4. ((1048))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.2.1442307980\889199543" /prefetch:673131151


5. ((4528))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.3.496189420\1768498121" /prefetch:673131151

6.((5452))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.4.15851665\850061674" /prefetch:673131151

7.((5856))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.5.364988783\967599653" /prefetch:673131151


8. ((6596))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjpnpmbddbjkfaccnmhnkdgjideieim\1.0.11357_0\WINNT_x86-msvc/npGwtDevPlugin.dll" --lang=en-US --channel="6008.8.1581781278\444234900" /prefetch:-390060480
-------------------------
NETSTAT:
Report: NetStat

Process, Proto, Loc. IP, Loc. Port, Rem. IP, Rem. Port, State, Hostname, PID
chrome.exe, TCP, 192.168.1.4, 50352, 173.194.37.80, https, ESTABLISHED, atl14s08-in-f16.1e100.net, 6008
chrome.exe, TCP, 192.168.1.4, 50361, 204.79.197.200, http, ESTABLISHED, a-0001.a-msedge.net, 6008
chrome.exe, TCP, 192.168.1.4, 50364, 204.79.197.200, http, ESTABLISHED, a-0001..a-msedge.net 6008
chrome.exe, TCP, 192.168.1.4, 50367, 31.13.69.80, https,     ESTABLISHED, edge-star-shv-10-iad1.facebook.com, 6008
chrome.exe, TCP, 192.168.1.4, 50369, 204.79.197.200, https, ESTABLISHED, a-0001.a-msedge.net, 6008


Note I did a whois on the a-msedge.ne domain and it appears to be Microsoft owned
facebook.com also seems to have a connection always there I am going to query the support for each of these until I get a good answer.
There is too much of this sneaky tcp/ip connections being made

So now I am asking myself why is Google Chrome opening up these connections taking up resources when I did not open that browser?
Note 1e100.net   is owned by Google.

So it appears these connections through Google Chrome are through Google, Microsoft, and Facebook. Why might that be?
How do I control these connections??

-------------------------
Google Chrome      39.0.2171.95 (Official Build) m
Revision      86b48442d063e82f94969f5439badf11c9baeacc-refs/branch-heads/2171@{#461}
OS      Windows
Blink      537.36 (@186555)
JavaScript      V8 3.29.88.17
Flash      16.0.0.235
User Agent      Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Command Line      "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window --flag-switches-begin --flag-switches-end
Executable Path      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Profile Path      C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default
Variations      74785582-3f4a17df
e950616e-ca7d8d80
e9f4800b-39c30599
8afebf76-164ff01c
19f73432-ca7d8d80
76b48ab8-a2567007
c70841c8-a2567007
195ce1b5-d93a0620
1d3ad72e-c6a65085
9e5c75f1-c41ae42c
f79cb77b-3d47f4f4
24dca50e-4bb3e394
ca65a9fe-91ac3782
4ea303a6-3d47f4f4
61544484-ca7d8d80
313d831b-ed086639
9736de91-ca7d8d80
b2612322-8a9180b2
ea1014b7-dd21eb5a
244ca1ac-4ad60575
f47ae82a-746c2ad4
5e29d81-cf4f6ead
3ac60855-486e2a9c
246fb659-3a9ae350
f296190c-96d26288
4442aae2-6e3b1976
ed1d377-e1cc0f14
75f0f0a0-4ad60575
e2b18481-9d9eea77
e7e71889-4ad60575
cbf0c14e-bf3e6cfd
0
Comment
Question by:Robert Silver
  • 5
  • 3
9 Comments
 
LVL 3

Expert Comment

by:Bahloul
ID: 40545994
Hi,

you may use process explorer it might help you :-

http://technet.microsoft.com/ar-sa/sysinternals/bb896653.aspx

Bahloul.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 40546414
Hi.

I would setup NTFS auditing for chrome.exe and see what process launches it.

PS: be careful with logfiles pasted to questions - it scares many to even read it, better attach text files.
0
 
LVL 2

Author Comment

by:Robert Silver
ID: 40547739
I could really use a better explanation as to why these connections were all made with Google Chrome's chrome.exe off of %windir%\explorer.exe?? Maybe part of some plugin??
But then there is no Facebook plug-in/add-on??
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 57

Expert Comment

by:McKnife
ID: 40547774
Did you follow my advice? It will tell you who/what starts these processes.
0
 
LVL 2

Author Comment

by:Robert Silver
ID: 40547811
I did not need your advice I was using the procexp.exe from system Internals already not to be rude - I greatly appreciate your response I only wish someone could enlighten me on what exactly is going on. Its clearly opening connections with Microsoft, Facebook and Google. My question would be why?? Why open these connections with Google Chrome???
0
 
LVL 57

Expert Comment

by:McKnife
ID: 40548401
I still urge you to tell us what starts these connections. Procmon/Procexp won't tell you, auditing will.
0
 
LVL 2

Author Comment

by:Robert Silver
ID: 40568266
It shows It shows Windows Explorer.exe is the source but what I do not understand is why I seem to to be the only one aware of these connections. Does no one use network utilities.
I have come to loath Microsoft given their rotten support for their products and retro evolutionary software
Just look at their poor excuse for security and lousy  error reporting for decades and just keeps getting worse with ever new complication they feel justified to introduce.    case in point has anyone noticed how lousy the new windows update is on windows 8. Not only have they abandoned scrolling sortable tables but they continue to infuriate me with their lousy foolish
information I mean really this hotfix was put in place to fix a problem where users could overide security on Administrator functions or some such nonsense. Never are they specific. Like this effects I/O security with USB ports or This patch fixes a DOS Attack problem. Or this patch fixes a problem with too many network connections timing out or any number of better explanations.
 
If someone could explain why Google and Facebook and Microsoft have to open these connections when I am  not using their products/services   I would appreciate it!
0
 
LVL 2

Accepted Solution

by:
Robert Silver earned 0 total points
ID: 40568278
Looks like It was solved for me by Google Chrome support:
Evidently there is a setting in Chrome.exe:
'Continue running background apps when Google Chrome is closed'
This setting was originally checked when this issue showed up but when I
unchecked this near the bottom of chrome:settings ?  the problem ceased,

For others out there who did not know about this setting. Its subtle. I suppose it  spies on the system to some extent
that could be good if it monitors crashes, software incompatibilities  so Google can make hot fixes but it also can be intrusive and worry  some from a security point of view also.

You guys have to up your game.
0
 
LVL 2

Author Closing Comment

by:Robert Silver
ID: 40577048
Its the real answer to the problem
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question