Found a registry entry called 'lameme' in the HKLM\SOFTWARE branch.
Your mission (should you choose to accept it) is to find the something
that writes that key in the registry. So, basically, $25 to the first
person who can find out what dumps the 'lameme' key in the registry
branch named above. Proof must be provided.

---

Clarification of Question by wod-ga on 25 Apr 2003 08:27 PDT

That might be of help to the general public (and anyone who comes
across this.) Nope, this machine has not ever had NAV installed.

---

Request for Question Clarification by mmastrac-ga on 27 Apr 2003 08:00 PDT

Would it be acceptable to provide a method that would allow you to
instantly determine the program that wrote to the registry key?

---

Request for Question Clarification by mmastrac-ga on 27 Apr 2003 08:10 PDT

BTW, is there a process named "winsrvc.exe" running on your Windows system?

In NT/2000/XP: Use the task manager to look (hit Ctrl+Shift+Esc)
In 95/98/Me: Download process explorer from:
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

When you delete (or rename) the key, does it come back?

The culprit appears to be Friendgreeting.com, although proof might be
difficult, because they have disappeared. Read this thread at Google
Groups:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&newwindow=1&threadm=tsehrukd8tgidabb936hrn6j0q816k48ls%404ax.com&rnum=3&prev=/groups%3Fnum%3D30%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26newwindow%3D1%26q%3Dlameme%2Bregistry%26sa%3DN%26tab%3Dwg

This is Symantec's take on it, although they do not mention "lameme":
http://www.sarc.com/avcenter/venc/data/friendgreetings.html

It is also known as Hide Minimized: 
http://vil.nai.com/vil/content/v_99812.htm

that's what I thought at first. But then you'd have to _install_ that
app. There's nothing here like that.

We have discovered that Norton Antivirus Corporate. v8 installs the
'lameme' reg entry.
We were also wondering where lameme came from, so on one of our
machines we upgraded we used RegCleaner v4.1 to scan the registery
everytime we installed an Application.  Before installing Nav there
were 4 entries in the registery, after installing Nav there were new
entries for Symantec and for an 'Unknown Author'.  We have contacted
Norton support to find out the purpose of that reg key, if you like I
can let you know also when we find out.

We've only have NAV Corp. v8.0, so I don't know if other versions of
NAV also install this key - I can only assume it does.  Plus you are
likely to have installed some version of NAV on your machines.

wod...

The text:
"Shutting down all services  software\lameme RpcImpersonateClient"
appears in the file D:\Program Files\Install Shield\Driver\7\
Intel 32\IDriver.exe on my WIN2K machine. This file is an
"Install Driver Module" for InstallShield.

A search for this file indicates it is a standard part of the
Install Shield software. Since this file references "software\lameme",
I would assume 'lameme' to be a normal, expected part of the system,
rather than some trojan, virus or spyware.

------------------------------------------------------------------------

IDriver.exe

Idriver.exe is the InstallShield Scripting Runtime engine. It is
required on a computer to run some installations created with
InstallShield. Idriver.exe is located in one or both of the following
common file locations:

    C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32
    C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32

http://consumer.installshield.com/glossary.asp

------------------------------------------------------------------------

sublime1-ga

I believe sublime1 is correct.  The source of the 'lameme' registry
entry is InstallShield's InstallDriver from InstallShield Developer
7.0x (not sure if other versions of InstallShield have it).

To test this I created a "dummy" InstallShield Developer project.  All
my "dummy" project did was copy notepad.exe to a directory.  I ran my
installer on a clean machine and the 'lameme' registry entry was
created.

I contacted InstallShield support about this three weeks ago but have
not heard a response.

Good luck.

Symantec also pins the Installshield with creating the lameme key:
"What is the registry key HKEY_LOCAL_MACHINE\Software\Lameme? 

Situation:
You installed Symantec AntiVirus Corporate Edition (Symantec AV).
After doing so, you notice that the following registry key has been
created:

HKEY_LOCAL_MACHINE\Software\lameme

You want to know more about this key.

Solution:
This registry key is created by Installshield 7 during the Symantec AV
installation. Specifically, the C:\Program Files\Common
Files\InstallShield\Driver\7\Intel32\IDriver.exe file writes this key
during the Symantec AV pre-installation tasks.

Symantec is currently investigating the functionality of this key. For
additional information regarding Installshield, please visit
http://www.installshield.com/.