This browser window showing http://elementary.io/
appears after I installed then uninstalled the Pantheon environment:
Originally this occurred after (and possibly before) ppa-purging the PPA only when not connected to the internet - a window without a title that the window manager would ignore would appear, then dissapear. The grep process in the background was me searching the root of the system for clues to the problem - I found that some settings in gconf had been left which were causing a additional issue with the elementary theme set as default, which I then apt-get auotremoved)
After apt-get autoremoving the elementary packages it opens properly in a web browser
It seems to appear randomly (in a random web browser - I have Firefox, Chromium and Chrome installed - this started happening before installing Chrome), and after unlocking the screen, connecting to the internet etc. I think the URL it is pointing to is http://start.elementaryos.org which then redirects to http://elementary.io/
I installed it as shown here, and then removed the PPAs using ppa-purge, and then used apt-get autoremove on any remaining bits.
I know this a third-party PPA, but I don't think these issues should occur after removing it. It also causes issues with the Unity desktop as shown here. This feels uncomfortably like the things you get with adware/freeware/malware on windows..
Using Ubuntu 14.04 64bit
EDIT: By looking at htop I have found that the process is started as root the run as the active user (gamer) using su:
I have not a clue what point this has apart to encourage the rapid removal of everything relevant to elementaryOS...
ppa-purgeis unneffective with that ppa, (elementary-os/daily) & the same with autoremove.Open Synaptic,
click Settings, Repositories
Click Add and add back the ppa you used previously & update sources.
Click the Reload button in the upper left corner, then Origin. Click on the entry for that ppa/now similar (entry highlighted above). With shift+click highlight all the packages & mark for removal, and remove them.
Then remove the PPA from your software sources Under Settings, Repositories.
Source: comment from @doug
The clue here is "captive-login" in your last screenshot. This is a new feature [1] in Elementary OS which seeks to make connecting to the Internet seamless when behind captive portals (hence the name). It is similar in nature to features on mobile platforms like iOS and Android. When on a restricted connection such as hotel or airport wifi a check is made to see if the computer can reach the 'real' Internet, and not the blocked off bit you have to sign into, in order to gain access.
So to me this just looks like a remnant of that feature kicking around, and needs removal.
[1] https://code.launchpad.net/~spinatelli/elementaryos/captive-login
Run