Solved

Why do I have 8 connections using Google Chrome when it was not opened or default browser?

Posted on 2015-01-12
9
612 Views
Last Modified: 2015-01-29
Question: Why am I seeing 8 instances of chrome.exe  even though I did not open Chrome or specify it as my default browser?

The following are the image command lines for the 8 instances followed by netstat of the 8 chrome.exe process instances and finally my current version information for  Google Chrome
as pulled  via URL chrome://version
Please note I have installed the developer plugin for GWT(Google Web Toolkit)  Still I am trying to understand if these instaces are Google's doing or some 3rd party maybe eclipse.org,
appache.org  etc...

Here is the list of command lines: note to track the 8 pids of command lines I kept track of the current ((PID)) as displayed below:

1. ((6008))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

2. (5312)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6008.0.167718706\228420465" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,17,38 --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.2932 --ignored=" --type=renderer " /prefetch:822062411

3. ((1048))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.2.1442307980\889199543" /prefetch:673131151

4. ((1048))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.2.1442307980\889199543" /prefetch:673131151


5. ((4528))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.3.496189420\1768498121" /prefetch:673131151

6.((5452))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.4.15851665\850061674" /prefetch:673131151

7.((5856))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_98/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6008.5.364988783\967599653" /prefetch:673131151


8. ((6596))
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpjpnpmbddbjkfaccnmhnkdgjideieim\1.0.11357_0\WINNT_x86-msvc/npGwtDevPlugin.dll" --lang=en-US --channel="6008.8.1581781278\444234900" /prefetch:-390060480
-------------------------
NETSTAT:
Report: NetStat

Process, Proto, Loc. IP, Loc. Port, Rem. IP, Rem. Port, State, Hostname, PID
chrome.exe, TCP, 192.168.1.4, 50352, 173.194.37.80, https, ESTABLISHED, atl14s08-in-f16.1e100.net, 6008
chrome.exe, TCP, 192.168.1.4, 50361, 204.79.197.200, http, ESTABLISHED, a-0001.a-msedge.net, 6008
chrome.exe, TCP, 192.168.1.4, 50364, 204.79.197.200, http, ESTABLISHED, a-0001..a-msedge.net 6008
chrome.exe, TCP, 192.168.1.4, 50367, 31.13.69.80, https,     ESTABLISHED, edge-star-shv-10-iad1.facebook.com, 6008
chrome.exe, TCP, 192.168.1.4, 50369, 204.79.197.200, https, ESTABLISHED, a-0001.a-msedge.net, 6008


Note I did a whois on the a-msedge.ne domain and it appears to be Microsoft owned
facebook.com also seems to have a connection always there I am going to query the support for each of these until I get a good answer.
There is too much of this sneaky tcp/ip connections being made

So now I am asking myself why is Google Chrome opening up these connections taking up resources when I did not open that browser?
Note 1e100.net   is owned by Google.

So it appears these connections through Google Chrome are through Google, Microsoft, and Facebook. Why might that be?
How do I control these connections??

-------------------------
Google Chrome      39.0.2171.95 (Official Build) m
Revision      86b48442d063e82f94969f5439badf11c9baeacc-refs/branch-heads/2171@{#461}
OS      Windows
Blink      537.36 (@186555)
JavaScript      V8 3.29.88.17
Flash      16.0.0.235
User Agent      Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Command Line      "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window --flag-switches-begin --flag-switches-end
Executable Path      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Profile Path      C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default
Variations      74785582-3f4a17df
e950616e-ca7d8d80
e9f4800b-39c30599
8afebf76-164ff01c
19f73432-ca7d8d80
76b48ab8-a2567007
c70841c8-a2567007
195ce1b5-d93a0620
1d3ad72e-c6a65085
9e5c75f1-c41ae42c
f79cb77b-3d47f4f4
24dca50e-4bb3e394
ca65a9fe-91ac3782
4ea303a6-3d47f4f4
61544484-ca7d8d80
313d831b-ed086639
9736de91-ca7d8d80
b2612322-8a9180b2
ea1014b7-dd21eb5a
244ca1ac-4ad60575
f47ae82a-746c2ad4
5e29d81-cf4f6ead
3ac60855-486e2a9c
246fb659-3a9ae350
f296190c-96d26288
4442aae2-6e3b1976
ed1d377-e1cc0f14
75f0f0a0-4ad60575
e2b18481-9d9eea77
e7e71889-4ad60575
cbf0c14e-bf3e6cfd
0
Comment
Question by:Robert Silver
  • 5
  • 3
9 Comments
 
LVL 3

Expert Comment

by:Bahloul
Comment Utility
Hi,

you may use process explorer it might help you :-

http://technet.microsoft.com/ar-sa/sysinternals/bb896653.aspx

Bahloul.
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Hi.

I would setup NTFS auditing for chrome.exe and see what process launches it.

PS: be careful with logfiles pasted to questions - it scares many to even read it, better attach text files.
0
 
LVL 2

Author Comment

by:Robert Silver
Comment Utility
I could really use a better explanation as to why these connections were all made with Google Chrome's chrome.exe off of %windir%\explorer.exe?? Maybe part of some plugin??
But then there is no Facebook plug-in/add-on??
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Did you follow my advice? It will tell you who/what starts these processes.
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 
LVL 2

Author Comment

by:Robert Silver
Comment Utility
I did not need your advice I was using the procexp.exe from system Internals already not to be rude - I greatly appreciate your response I only wish someone could enlighten me on what exactly is going on. Its clearly opening connections with Microsoft, Facebook and Google. My question would be why?? Why open these connections with Google Chrome???
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
I still urge you to tell us what starts these connections. Procmon/Procexp won't tell you, auditing will.
0
 
LVL 2

Author Comment

by:Robert Silver
Comment Utility
It shows It shows Windows Explorer.exe is the source but what I do not understand is why I seem to to be the only one aware of these connections. Does no one use network utilities.
I have come to loath Microsoft given their rotten support for their products and retro evolutionary software
Just look at their poor excuse for security and lousy  error reporting for decades and just keeps getting worse with ever new complication they feel justified to introduce.    case in point has anyone noticed how lousy the new windows update is on windows 8. Not only have they abandoned scrolling sortable tables but they continue to infuriate me with their lousy foolish
information I mean really this hotfix was put in place to fix a problem where users could overide security on Administrator functions or some such nonsense. Never are they specific. Like this effects I/O security with USB ports or This patch fixes a DOS Attack problem. Or this patch fixes a problem with too many network connections timing out or any number of better explanations.
 
If someone could explain why Google and Facebook and Microsoft have to open these connections when I am  not using their products/services   I would appreciate it!
0
 
LVL 2

Accepted Solution

by:
Robert Silver earned 0 total points
Comment Utility
Looks like It was solved for me by Google Chrome support:
Evidently there is a setting in Chrome.exe:
'Continue running background apps when Google Chrome is closed'
This setting was originally checked when this issue showed up but when I
unchecked this near the bottom of chrome:settings ?  the problem ceased,

For others out there who did not know about this setting. Its subtle. I suppose it  spies on the system to some extent
that could be good if it monitors crashes, software incompatibilities  so Google can make hot fixes but it also can be intrusive and worry  some from a security point of view also.

You guys have to up your game.
0
 
LVL 2

Author Closing Comment

by:Robert Silver
Comment Utility
Its the real answer to the problem
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
This video will take you through the Geo tab, including Location and Language demographics. It will also take you through the Technology tab, including mobile devices. Click on Audience – Geo  a. Look at location demographics  b. Look at Language de…
This Micro Tutorial demonstrates in Google how to submit a page to get it crawled quickly or recrawled after making changes that you wan tot show up in Google.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now