This file tends but no always show up when I am powering down the client system. Problem is --> I can't find it, anywhere! <-- Doesn't show with PE, TCPView, etc only if and when it hangs when I am shutting the system down.

Windows XP SP2

Applications open when I have seen this:
Acrobat 7.x
Domino Client 6.5.2

Other software that would be considered normal for a work session:
TrendMicro (NeatSuite up to date)
RSS feed
Powerchute
Foxfire 1.0.4

The application (CiceroUIWFrame.exe) can and usually but not always hangs and the last app to unload before shutdown. Even then I generally have to hang the domino client on purpose to get it to work.

Now, I am as curious about such things as the next tech but... I gotta tell ya this one has really stumped me. Anyone seen this before? Tried all the usual suspects, A/Vs, Disk Searches even advanced Google searches. Either this is something really odd or I have missed the trees despite the forrest. ::)

Which wouldn't be unexplainable either. Sometimes I do miss the trees despite the forrest, orchards and ummmm...arboretums! Yeah, thats it - arboretums! Hey, its late on a Friday afternoon and I'm running a bit out of steam.

I look forward to any and all replies with my thanks in advance.

- beads

I have it too! It is not concerning any of the programs you have mentioned because I am not urrently using SP2 and have the same error.
undoubtedly a trojan.

Now, that is odd. I have run root-kit analyzers, anti-spyware, trend, mcaffee, et. al. Nothing! And I do mean nothing is catching this. I cannot find anything in the registery that even begins to relate to this file.

Well, atleast its a good one. >:(

To help in shutdown, install the additional MS service UPHcleanup.

http://www.microsoft.com/downloads/details.aspx?FamilyID=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

I think Cicero is related to MS alternative text input service

To help in shutdown, install the additional MS service UPHcleanup.

http://www.microsoft.com/downloads/details.aspx?FamilyID=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

I think Cicero is related to MS alternative text input service. From one MS KB article

Cicero Unaware Application Support (CUAS). CUAS is a feature of the Microsoft Windows XP operating system that provides support for Advanced Text Services. Examples of these services include handwriting recognition, speech recognition, and East Asian keyboard input services.

Do you have ctfmon.exe running in the background?

I did find one post mentioning CiceroUIWFrame dating from 2003 but it is not illuminating.

http://www.pcbanter.net/showthread.php?t=211134

JRosenfeld, et. all;

That smarts! LOL! A real: "I could have had a V8 moment!"

I really went through the registry/drives and checked the usual sites with no luck. This file must really be buried somewhere in the OS.

Saw red when this came up because of the simple word: IFRAME. A known attack and pretty much dismissed any other possibility. I will be more careful in the future.

Confirm that ctfmon.exe is running on in the background, for what reason - I dunno, to be honest. That should be fairly simple to take off voice recognition. Most likely installed by default by HP (who made the desktop).

Well, thanks again! The information is truly appreciated. Looks like I have to go dig a bit deeper into the MS site to find out what the real problem is and how to fix it.


- beads

Now, I can take myself out of the dog house.