
dsilvers

join:2009-05-17
Canyon Lake, TX

reply to gogregor6

Re: persistent connection to qw-in-f113.1e100.net on boot

Tcpvcon.exe is the command line version of the utility. It looks like you are running it from My Documents. Tcpview does connect to the internet and is not a problem. Try running the GUI version, which is TCPview.exe. Consider running it from somewhere on your root drive, perhaps C:\program files\sysinternals. You can run it from anywhere, so if you are comfortable running an executable from My Documents, by all means do so.

Anything that appears as time wait has been closed, but because it takes time to properly close the connection, Tcpview indicates it is handed off to system 0. That is not exactly correct, but as long as you understand the connection is closed and waiting to finish, you should still be able to right click the connection > properties > and get the path to the executable if you do it before it completely closes out. Sometimes there will be more than one time wait and it will be a WAG to determine the correct one. Click on view > update speed > 5 seconds. This gives you five seconds to find the correct closed wait. The default is one second.

If your connection happens really early in the boot sequence, it may not be possible to capture the path because it may already be completely closed out. If that is happening, you might try putting Tcpview in your Startup folder so it comes up with your boot.

You appear to be using a third party firewall. Are there any logs that might help explain what is using this connection? Some firewalls allow you to establish different levels of logging. Is that an option for you? What is the exact name of the Google service you have installed? Have you tried setting the service to disable, not manual but disable? Are there any other Google applications installed?

There is no boot logging associated with Tcpview, so that is not an option. Process Monitor does do boot logging, but you really need to set a filter or you will be faced with pages and pages of logs that do not apply to this connection.
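The point above about a closed connection being shown against process 0 can be worked around by recording the owner while the connection is still open. The following is an added example, not part of the original post: it parses successive `netstat -ano` snapshots and keeps the last non-zero PID seen for each socket pair. The addresses, ports and PIDs in the sample snapshots are constructed (documentation ranges), and the function names are hypothetical.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "local remote state pid")

def parse_netstat(text):
    """Parse the TCP rows of Windows `netstat -ano` output."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns: Proto, Local, Foreign, State, PID.
        # UDP rows (no State column) and header lines are skipped.
        if len(fields) == 5 and fields[0].upper() == "TCP" and fields[4].isdigit():
            conns.append(Conn(fields[1], fields[2], fields[3], int(fields[4])))
    return conns

def attribute_owner(snapshots, remote_ip):
    """Map each socket pair talking to remote_ip to its owning PID.

    A connection in TIME_WAIT is reported with PID 0, so the owner is only
    visible while the connection is open. The last non-zero PID seen for a
    pair is kept; a pair seen only after close maps to None.
    """
    owners = {}
    for text in snapshots:
        for c in parse_netstat(text):
            host = c.remote.rsplit(":", 1)[0].strip("[]")  # drop port, IPv6 brackets
            if host != remote_ip:
                continue
            key = (c.local, c.remote)
            if c.pid != 0:
                owners[key] = c.pid
            else:
                owners.setdefault(key, None)
    return owners

# Constructed sample snapshots, taken a moment apart (not from the thread).
SNAP1 = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     203.0.113.113:80       ESTABLISHED     2284
  TCP    192.168.1.10:49650     198.51.100.7:443       ESTABLISHED     1500
"""
SNAP2 = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     203.0.113.113:80       TIME_WAIT       0
  TCP    192.168.1.10:49713     203.0.113.113:443      TIME_WAIT       0
"""

if __name__ == "__main__":
    for pair, pid in attribute_owner([SNAP1, SNAP2], "203.0.113.113").items():
        print(pair, "->", pid if pid is not None else "owner not captured")
```

On a live machine the snapshots would come from running `netstat -ano` repeatedly from boot, and a captured PID can be turned into an image name with `tasklist /FI "PID eq <pid>"`.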

gogregor6

join:2002-09-26
Bethlehem, PA

First of all - thank you for a very complete reply! And all the help. I've run both the GUI and command line of tcpview, and from several locations. I've watched the connection go from WAIT to ESTABLISHED, then disappear, then return later. When I right click on the connection in tcpview I always get an error that states it cannot query PROC ID 0. The only Google app I have installed (that I'm aware of) is Google Earth, and that was installed about 3 years ago - this is a relatively new issue. I have some technical background - and this one has me stumped right now. Also - no third party firewall??? What is the indication for that??

thanks again!
greg



NetFixer
Freedom is NOT free
Premium
join:2004-06-24
The 'Boro

If Google Earth is truly the only Google app that is running on your PC, then Google Earth is a likely source of the connection to qw-in-f113.1e100.net.

That connection is certainly to a Google server as verified by nslookup, whois and by simply putting http://qw-in-f113.1e100.net into a browser address bar.




Since you have already used TCPView, you might also want to try Process Explorer to be absolutely sure that there are no other Google processes running on your PC.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
-- Thomas Jefferson
