I got this detection alert from spywareguard

NEW BHO DETECTION ALERT
On 21:16:26 06/08/2006 a new BHO installation attempt was detected.
BHO: {44a62fb0-4af0-454e-8c37-5c59b36f8483}
ProgramID: n/a
File Location: C:\WINDOWS\system32\esenart.dll
User Action Taken: REMOVE BHO

I took the user action remove bho ten times before I finally gave up and allowed it to keep the bho. I just kept getting the same alert every time I requested it remove the bho. Anyone seen this behavior on spywareguard before? Also anyone familiar with this particular bho? Thanks in advance for any help. Joyjg

Random filename as well as CLSID by the looks of it, so impossible to say offhand what it could be.

I do assume you already tried removing the BHO with all IE windows closed?

It could have other files associated with it that prevent it from being deleted. I suggest you go to one of the boards that specialize in malware removal and post a HijackThis log, so that folks can advise you how to go about cleaning that machine.

Here are two very good ones that aren't quite as busy as the 'big' names:

http://www.bleepingcomputer.com/forums/index.php?
http://gladiator-antivirus.com/forum/index.php?act=idx

Thanks Tony, I will post a hijackthis log on one of those and see if anyone has seen this particular bho. Joy

np - good luck! :)