New Contributor

Is this a normal Go2Meeting log? Silent install/uninstall daily and Expertcity probe connections

Hello, smallish nonprofit here. I've had some odd activity on my network and on a few of our computers. In addition to logs like this one from the temp folder, I see constant connections from expertcity.com, like from probe-tinet.ams.expertcity.com and probe-reliance.bgl.expertcity.com, on a few computers, which a search says are Citrix/LogMeIn corporate apps. The users say they have not used Go2Meeting in over a month. Thank you!

 

=========================11/01/17, 06:37:10 =========================

C:\Users\XXXXX\AppData\Local\Temp\LogMeInLogs\G2MInst.log

06:37:10 12C0 GoToMeeting Installer build 7856

06:37:10 12C0 args received:

06:37:10 12C0 "/Action Install" "/DoNotStartG2M True" /silent

06:37:10 12C0 logSecurityInfo

OS ver 6.1,

lua=1, virtualization=1, inst-detect=1,

integrity level 0x00002000 (MEDIUM)

06:37:10 12C0 effective args:

06:37:10 12C0 "/Action Install" "/DoNotStartG2M True" /silent

06:37:10 12C0 install.

06:37:10 12C0 checkAndGetToken

06:37:10 12C0 locateInstallKeys

06:37:10 12C0 Insufficient access to HKLM.

06:37:10 12C0 locateInstallDirs

06:37:10 12C0 _evalCandidateDir C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856.

06:37:10 12C0 _appDir: C:\Users\XXXXXX\AppData\Local\GoToMeeting

06:37:10 12C0 This build (7856) is newer than the latest build installed (7759).

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\uninshlp.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\uninshlp.dll

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MResource_en.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MResource_en.dll

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MResource_de.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MResource_de.dll

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MResource_fr.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MResource_fr.dll

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MResource_es.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MResource_es.dll

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MResource_it.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MResource_it.dll

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MResource_zh.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MResource_zh.dll

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MResource_ko.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MResource_ko.dll

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MResource_ja.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MResource_ja.dll

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MResource_pt-BR.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MResource_pt-BR.dll

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MResourceImages.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MResourceImages.dll

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MInstaller.exe to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MInstaller.exe

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MInstHigh.exe to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MInstHigh.exe

06:37:10 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MInstHigh.exe to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MUninstall.exe

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MOutlookAddin.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MOutlookAddin.dll

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MOutlookAddin64.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MOutlookAddin64.dll

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MIMessenger.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MIMessenger.dll

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\ImmersiveWindowsFinderDllWin8.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\ImmersiveWindowsFinderDllWin8.dll

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\scrutil.exe to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\scrutil.exe

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MVideoStreamingDSP64.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MVideoStreamingDSP64.dll

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MAudioStreamingDSP64.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MAudioStreamingDSP64.dll

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MWmpPlugin64.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MWmpPlugin64.dll

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MTestSound.wav to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2MTestSound.wav

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\g2mui.exe to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\g2mui.exe

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\g2mcomm.exe to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\g2mcomm.exe

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\g2mtranscoder.exe to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\g2mtranscoder.exe

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\g2mlauncher.exe to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\g2mlauncher.exe

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2M.dll to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2M.dll

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MInstaller.exe to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\g2mstart.exe

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MInstaller.exe to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\g2mvideoconference.exe

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MInstaller.exe to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\g2mupdate.exe

06:37:11 12C0 _copyFile from C:\Users\XXXXXX\AppData\Local\Temp\B6DA62A8-B2CD-4A14-AFDB-324EBEA6D2C6\G2MInstaller.exe to C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\g2mupload.exe

06:37:11 12C0 testExecutionInInstallDir

06:37:11 12C0 _createProcess: ...

06:37:12 12C0 _enableSilentElevation

06:37:12 12C0 created key {B806AF71-38F3-40C3-9409-5D78BC2487F4}

06:37:12 12C0 _registerRecordPlaybackCodec(true)

06:37:12 12C0 codecPath = C:\Users\XXXXXX\AppData\Local\GoToMeeting\7856\G2M.dll

06:37:12 12C0 codec DLL registration error 80070005.

06:37:12 12C0 _registerDirectLaunchHandlers

06:37:12 12C0 _registerDirectLaunchHandlers

06:37:12 12C0 _setupScheduledTasks

06:37:12 12C0 _recreateScheduledTask

06:37:12 12C0 Deleted scheduled task with name 'G2MUpdateTask-S-1-5-21-431206158-1273056214-3533991069-1138'.

06:37:12 12C0 Created scheduled task with name 'G2MUpdateTask-S-1-5-21-431206158-1273056214-3533991069-1138'.

06:37:12 12C0 _recreateScheduledTask

06:37:12 12C0 Deleted scheduled task with name 'G2MUploadTask-S-1-5-21-431206158-1273056214-3533991069-1138'.

06:37:13 12C0 Created scheduled task with name 'G2MUploadTask-S-1-5-21-431206158-1273056214-3533991069-1138'.

06:37:13 12C0 cleanupMyDirectory

 

========================= XX/XX/XX, 07:26:01 =========================

C:\Users\XXXXXX\AppData\Local\Temp\LogMeInLogs\G2MInst.log

07:26:01 2AE0 GoToMeeting Installer build 7856

07:26:01 2AE0 args received:

07:26:01 2AE0 /silent "/uninstall 7297"

07:26:01 2AE0 logSecurityInfo

OS ver 6.1,

lua=1, virtualization=1, inst-detect=1,

integrity level 0x00002000 (MEDIUM)

07:26:01 2AE0 effective args:

07:26:01 2AE0 /silent "/uninstall 7297"

07:26:01 2AE0 uninstall.

07:26:01 2AE0 checkAndGetToken

07:26:01 2AE0 Version found in HKCU.

07:26:01 2AE0 uninstallOneVersion

07:26:01 2AE0 Version found in HKCU.

07:26:01 2AE0 _uninstallVersion(7297)

07:26:01 2AE0 _unregisterDirectLaunchHandlers

07:26:01 2AE0 _disableSilentElevation

07:26:01 2AE0 removed key {A17C5B2E-4BEE-43A9-9FF2-A2ADB5D47DF1}

07:26:01 2AE0 _removeAssociatedMsiInstallation

 

Also the update log has sections like:

 

2017-11-03 04:26:01.340 PST d: [g2mupdate] <cda1> Publish spec to 1 acquirers

2017-11-03 04:26:01.341 PST d: [g2mupdate] <cda1> Store spec for protocol 3, 0 clients waiting

2017-11-03 04:26:01.349 PST d: [g2mupdate] <http1> HTTPS connect: Start connect to p5.osdimg.com(173.199.4.19<resolved>) (index=0)

2017-11-03 04:26:01.351 PST i: [g2mupdate] <http1> HTTPS connect: Creating SSL socket

2017-11-03 04:26:01.352 PST d: [g2mupdate] <http1> JInet: Use SSL connector

2017-11-03 04:26:01.354 PST i: [g2mupdate] <AddressResolver(1)(ECTaskAdapter)(0)> DNS lookup for "p5.osdimg.com"

2017-11-03 04:26:01.530 PST d: [g2mupdate] <http1> setting SNI host name to p5.osdimg.com

2017-11-03 04:26:01.560 PST d: [g2mupdate] <http1> The last log message in this thread was repeated 3 time(s)

"setting SNI host name to p5.osdimg.com"

 

 

2017-11-02 03:12:06.220 PST d: [g2mcomm] <62/IRpcManager.configure> CEgwLink::connect() - Connecting...

2017-11-02 03:12:06.220 PST d: [g2mcomm] <62/IRpcManager.configure> {Session 1 rpc::NeighborAdaptor(1)::} connect: initiating connection to neighbor

2017-11-02 03:12:06.220 PST i: [g2mcomm] <62/IRpcManager.configure> {Session 1 rpc::EPNeighbor[1]::} _connect: connecting to the remote host [216.115.208.230(egwglobal.gotomeeting.com):8200, 80, 443]

2017-11-02 03:12:06.220 PST d: [g2mcomm] <62/IRpcManager.configure> comm::jinet::JJediSocketProviderCreator::createSocketProvider(): validated server [egwglobal.gotomeeting.com(216.115.208.230<initial>)]

2017-11-02 03:12:06.220 PST i: [g2mcomm] <AddressResolver(1)(AddressResolveTask)(0)> DNS lookup for "egwglobal.gotomeeting.com"

2017-11-02 03:12:06.220 PST i: [g2mcomm] <62/IRpcManager.configure> comm::jinet::JSpecProviderBroker::getJediProvider(): Creating the singleton connection spec provider

2017-11-02 03:12:06.220 PST i: [g2mcomm] <62/IRpcManager.configure> JConnSpecProviderCda: CDA requested

2017-11-02 03:12:06.221 PST i: [g2mcomm] <62/IRpcManager.configure> {Session 1 RpcPeerController::} connect: successfully initiated connect to peer 2

2017-11-02 03:12:06.228 PST d: [g2mcomm] <cda1> setting SNI host name to p5.osdimg.com

2017-11-02 03:12:06.228 PST i: [g2mcomm] <cda1> Verified: HTTPS p5.osdimg.com(173.199.4.19<resolved>):443 <dns/4>, method=SSL stage=CDA source=[R]

2017-11-02 03:12:06.228 PST d: [g2mcomm] <cda1> CDA Startup finished with 1 spec(s)

2017-11-02 03:12:06.228 PST d: [g2mcomm] <cda1> Publish spec to 1 acquirers

2017-11-02 03:12:06.228 PST d: [g2mcomm] <cda1> Store spec for protocol 3, 0 clients waiting

2017-11-02 03:12:06.242 PST d: [g2mcomm] <http1> HTTPS connect: Start connect to p5.osdimg.com(173.199.4.19<resolved>) (index=0)

2017-11-02 03:12:06.250 PST i: [g2mcomm] <cda2> Started CDA Startup, address count = 1, allotted time = 180000ms

2017-11-02 03:12:06.250 PST i: [g2mcomm] <cda2> Verifying: Jedi egwglobal.gotomeeting.com(216.115.208.230<resolved>):443 <ip/4>, method=SSL stage=CDA source=[R]

2017-11-02 03:12:06.250 PST d: [g2mcomm] <cda2> JInet: Use SSL connector

2017-11-02 03:12:06.250 PST d: [g2mcomm] <cda2> Add ping stage: JEDI PING

2017-11-02 03:12:06.417 PST d: [g2mcomm] <cda2> The last log message in this thread was repeated 2 time(s)

2 REPLIES
LogMeIn Manager

Re: Is this a normal Go2Meeting log? Silent install/uninstall daily and Expertcity probe connections

Hi,

 

It looks like they still have the GoToMeeting software installed and the auto update feature is periodically checking to see if there is a new version available. It will be listed in their Add/Remove Programs; uninstalling it from there will remove the application.

Glenn is a member of the LogMeIn Community Care Team.
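
To check the auto-update explanation against a machine's own G2MInst.log, this added example (not part of the thread and not LogMeIn code) splits the log into installer runs and lists any `_copyFile` destination outside the logged `_appDir`. The sample log, its user name, SID and the stray AppData\Roaming path are constructed, and `parse_sessions` and `stray_copies` are hypothetical helper names.

```python
import ntpath
import re

# Constructed sample in the G2MInst.log layout from the thread (placeholder user, SID, paths).
SAMPLE = r"""
=========================11/01/17, 06:37:10 =========================
06:37:10 12C0 GoToMeeting Installer build 7856
integrity level 0x00002000 (MEDIUM)
06:37:10 12C0 effective args:
06:37:10 12C0 "/Action Install" "/DoNotStartG2M True" /silent
06:37:10 12C0 _appDir: C:\Users\EXAMPLE\AppData\Local\GoToMeeting
06:37:11 12C0 _copyFile from C:\Temp\X\G2M.dll to C:\Users\EXAMPLE\AppData\Local\GoToMeeting\7856\G2M.dll
06:37:11 12C0 _copyFile from C:\Temp\X\a.exe to C:\Users\EXAMPLE\AppData\Roaming\a.exe
06:37:12 12C0 Created scheduled task with name 'G2MUpdateTask-S-1-5-21-0-0-0-1000'.
========================= 11/02/17, 07:26:01 =========================
07:26:01 2AE0 effective args:
07:26:01 2AE0 /silent "/uninstall 7297"
"""
HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")
ENTRY = re.compile(r"^\d\d:\d\d:\d\d [0-9A-Fa-f]+ (.*)$")
FIELDS = {r"GoToMeeting Installer build (\d+)": "build",
          r"integrity level \S+ \((\w+)\)": "integrity",
          r"_appDir: (.+)": "app_dir",
          r"_copyFile from .+? to (.+)": "copies",
          r"Created scheduled task with name '([^']+)'": "tasks"}

def parse_sessions(text):
    """Split the log on its ===== banners; collect triage fields for each run."""
    sessions, cur, want_args = [], None, False
    for line in map(str.strip, text.splitlines()):
        if (m := HEADER.match(line)):
            cur = {"started": m.group(1), "args": None, "build": None,
                   "integrity": None, "app_dir": None, "copies": [], "tasks": []}
            sessions.append(cur)
            want_args = False
        elif cur is not None and line:
            msg = ENTRY.sub(r"\1", line)  # strip "time thread-id"; detail lines have none
            if want_args:  # the line after "effective args:" is the command line
                cur["args"], want_args = msg, False
            want_args = want_args or msg == "effective args:"
            for pattern, key in FIELDS.items():
                if (f := re.match(pattern, msg)):
                    cur[key] = (cur[key] + [f.group(1)]) if isinstance(cur[key], list) else f.group(1)
    return sessions

def stray_copies(session):
    """Copy destinations outside the _appDir that the installer itself logged."""
    root = ntpath.normcase(session["app_dir"] or "") + "\\"
    return [d for d in session["copies"] if not ntpath.normcase(d).startswith(root)]
```

Run `parse_sessions` on the real file's text and compare each run's `args`, `integrity` and `tasks` across machines; an empty `stray_copies` result means every copied file landed in the per-user install directory.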

New Contributor

Re: Is this a normal Go2Meeting log? Silent install/uninstall daily and Expertcity probe connections

Hmm, it was especially odd though because there was a new share called $Logfile which it was accessing.