Solved

Why do I have 8 connections using Google Chrome when it was not opened or default browser?

Posted on 2015-01-12
9
811 Views
Last Modified: 2015-01-29
Question: Why am I seeing 8 instances of chrome.exe  even though I did not open Chrome or specify it as my default browser?

The following are the image command lines for the 8 instances followed by netstat of the 8 chrome.exe process instances and finally my current version information for  Google Chrome
as pulled  via URL chrome://version
Please note I have installed the developer plugin for GWT(Google Web Toolkit)  Still I am trying to understand if these instaces are Google's doing or some 3rd party maybe eclipse.org,
appache.org  etc...

Here is the list of command lines: note to track the 8 pids of command lines I kept track of the current ((PID)) as displayed below:

1. ((6008))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

2. (5312)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6008.0.167718706\228420465" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,17,38 --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.2932 --ignored=" --type=renderer " /prefetch:822062411

3. ((1048))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.2.1442307980\889199543" /prefetch:673131151

4. ((1048))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.2.1442307980\889199543" /prefetch:673131151


5. ((4528))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.3.496189420\1768498121" /prefetch:673131151

6.((5452))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.4.15851665\850061674" /prefetch:673131151

7.((5856))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.5.364988783\967599653" /prefetch:673131151


8. ((6596))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjpnpmbddbjkfaccnmhnkdgjideieim\1.0.11357_0\WINNT_x86-msvc/npGwtDevPlugin.dll" --lang=en-US --channel="6008.8.1581781278\444234900" /prefetch:-390060480
-------------------------
NETSTAT:
Report: NetStat

Process, Proto, Loc. IP, Loc. Port, Rem. IP, Rem. Port, State, Hostname, PID
chrome.exe, TCP, 192.168.1.4, 50352, 173.194.37.80, https, ESTABLISHED, atl14s08-in-f16.1e100.net, 6008
chrome.exe, TCP, 192.168.1.4, 50361, 204.79.197.200, http, ESTABLISHED, a-0001.a-msedge.net, 6008
chrome.exe, TCP, 192.168.1.4, 50364, 204.79.197.200, http, ESTABLISHED, a-0001..a-msedge.net 6008
chrome.exe, TCP, 192.168.1.4, 50367, 31.13.69.80, https,     ESTABLISHED, edge-star-shv-10-iad1.facebook.com, 6008
chrome.exe, TCP, 192.168.1.4, 50369, 204.79.197.200, https, ESTABLISHED, a-0001.a-msedge.net, 6008


Note I did a whois on the a-msedge.ne domain and it appears to be Microsoft owned
facebook.com also seems to have a connection always there I am going to query the support for each of these until I get a good answer.
There is too much of this sneaky tcp/ip connections being made

So now I am asking myself why is Google Chrome opening up these connections taking up resources when I did not open that browser?
Note 1e100.net   is owned by Google.

So it appears these connections through Google Chrome are through Google, Microsoft, and Facebook. Why might that be?
How do I control these connections??

-------------------------
Google Chrome      39.0.2171.95 (Official Build) m
Revision      86b48442d063e82f94969f5439badf11c9baeacc-refs/branch-heads/2171@{#461}
OS      Windows
Blink      537.36 (@186555)
JavaScript      V8 3.29.88.17
Flash      16.0.0.235
User Agent      Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Command Line      "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window --flag-switches-begin --flag-switches-end
Executable Path      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Profile Path      C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default
Variations      74785582-3f4a17df
e950616e-ca7d8d80
e9f4800b-39c30599
8afebf76-164ff01c
19f73432-ca7d8d80
76b48ab8-a2567007
c70841c8-a2567007
195ce1b5-d93a0620
1d3ad72e-c6a65085
9e5c75f1-c41ae42c
f79cb77b-3d47f4f4
24dca50e-4bb3e394
ca65a9fe-91ac3782
4ea303a6-3d47f4f4
61544484-ca7d8d80
313d831b-ed086639
9736de91-ca7d8d80
b2612322-8a9180b2
ea1014b7-dd21eb5a
244ca1ac-4ad60575
f47ae82a-746c2ad4
5e29d81-cf4f6ead
3ac60855-486e2a9c
246fb659-3a9ae350
f296190c-96d26288
4442aae2-6e3b1976
ed1d377-e1cc0f14
75f0f0a0-4ad60575
e2b18481-9d9eea77
e7e71889-4ad60575
cbf0c14e-bf3e6cfd
0
Comment
Question by:Robert Silver
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 3

Expert Comment

by:Bahloul
ID: 40545994
Hi,

you may use process explorer it might help you :-

http://technet.microsoft.com/ar-sa/sysinternals/bb896653.aspx

Bahloul.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40546414
Hi.

I would setup NTFS auditing for chrome.exe and see what process launches it.

PS: be careful with logfiles pasted to questions - it scares many to even read it, better attach text files.
0
 
LVL 2

Author Comment

by:Robert Silver
ID: 40547739
I could really use a better explanation as to why these connections were all made with Google Chrome's chrome.exe off of %windir%\explorer.exe?? Maybe part of some plugin??
But then there is no Facebook plug-in/add-on??
0
Are Your IoT Devices Out to Get You?

IoT business is booming, with manufacturers connecting any and every “thing” to the Internet. But as pressure grows to release new products faster and faster, we’re all left to wonder: is security a priority? Join our webinar on June 29th for the answer.

 
LVL 55

Expert Comment

by:McKnife
ID: 40547774
Did you follow my advice? It will tell you who/what starts these processes.
0
 
LVL 2

Author Comment

by:Robert Silver
ID: 40547811
I did not need your advice I was using the procexp.exe from system Internals already not to be rude - I greatly appreciate your response I only wish someone could enlighten me on what exactly is going on. Its clearly opening connections with Microsoft, Facebook and Google. My question would be why?? Why open these connections with Google Chrome???
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40548401
I still urge you to tell us what starts these connections. Procmon/Procexp won't tell you, auditing will.
0
 
LVL 2

Author Comment

by:Robert Silver
ID: 40568266
It shows It shows Windows Explorer.exe is the source but what I do not understand is why I seem to to be the only one aware of these connections. Does no one use network utilities.
I have come to loath Microsoft given their rotten support for their products and retro evolutionary software
Just look at their poor excuse for security and lousy  error reporting for decades and just keeps getting worse with ever new complication they feel justified to introduce.    case in point has anyone noticed how lousy the new windows update is on windows 8. Not only have they abandoned scrolling sortable tables but they continue to infuriate me with their lousy foolish
information I mean really this hotfix was put in place to fix a problem where users could overide security on Administrator functions or some such nonsense. Never are they specific. Like this effects I/O security with USB ports or This patch fixes a DOS Attack problem. Or this patch fixes a problem with too many network connections timing out or any number of better explanations.
 
If someone could explain why Google and Facebook and Microsoft have to open these connections when I am  not using their products/services   I would appreciate it!
0
 
LVL 2

Accepted Solution

by:
Robert Silver earned 0 total points
ID: 40568278
Looks like It was solved for me by Google Chrome support:
Evidently there is a setting in Chrome.exe:
'Continue running background apps when Google Chrome is closed'
This setting was originally checked when this issue showed up but when I
unchecked this near the bottom of chrome:settings ?  the problem ceased,

For others out there who did not know about this setting. Its subtle. I suppose it  spies on the system to some extent
that could be good if it monitors crashes, software incompatibilities  so Google can make hot fixes but it also can be intrusive and worry  some from a security point of view also.

You guys have to up your game.
0
 
LVL 2

Author Closing Comment

by:Robert Silver
ID: 40577048
Its the real answer to the problem
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This Micro Tutorial will demonstrate how marketers can use the Mobile Emulation Tool in Chrome Developer Tool. This will let you preview your site on any mobile device.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question