Suspicious activity from an unknown app - RAOVA.EXE - Help Please

I recently reinstalled Windows XP Pro and decided to give Comodo a shot. Lately I’ve been getting a pop-up about a program called RAOVA.EXE trying to access Outlook. I’ve blocked this behavior and blocked RAOVA.EXE, but I don’t know where it came from, and searching a few different search engines didn’t turn up any useful results in English, so I’m not sure if this thing is harmful or where it even came from. I think it only pops up when I’m browsing the web in Firefox or IE7. I’ve posted the log files from when this first started below. There is a RAOVA.EXE and a RAOVA.DLL in the C:\Windows directory, both with no information indicated under properties for either file. Any help would be greatly appreciated.

Right now I’m trying to install things gradually under a virtual pc I set up because the base install on the virtual pc does not have that file.

-Comodo Version 2.4.18.184
-Cable internet connection through a DLink gaming router
-XP Pro SP2 - all updates
-Logged in as Admin
-Other than Comodo I have Avast and Spybot installed

Logs relating to RAOVA.EXE:::
::::::::::::::::::::::::::::::::::::::::::
Date/Time :2007-07-16 19:49:28
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:49:27
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:46:21
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:46:20
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:43:15
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:43:14
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:40:38
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:40:37
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:40:30
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:40:23
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:40:22
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:40:13
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:40:06
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:40:06
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:40:04
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE is an invisible application

Date/Time :2007-07-16 19:39:57
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE is an invisible application

Date/Time :2007-07-16 19:39:56
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\WINDOWS\raova.exe modified the memory of C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE in memory.

Date/Time :2007-07-16 19:39:47
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE is an invisible application

Date/Time :2007-07-16 19:39:40
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE is an invisible application

Date/Time :2007-07-16 19:39:39
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\WINDOWS\raova.exe modified the memory of C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE in memory.

Date/Time :2007-07-16 19:36:30
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE is an invisible application

Date/Time :2007-07-16 19:36:23
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE is an invisible application

Date/Time :2007-07-16 19:36:22
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\WINDOWS\raova.exe modified the memory of C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE in memory.

Date/Time :2007-07-16 19:36:13
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE is an invisible application

Date/Time :2007-07-16 19:36:05
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE is an invisible application

Date/Time :2007-07-16 19:36:05
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Protocol: UDP Out
Destination: 192.168.0.1::dns(53)
Details: C:\WINDOWS\raova.exe modified the memory of C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE in memory.
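
The pattern in these entries (raova.exe logged as modifying OUTLOOK.EXE's memory, and also logged as the parent of Outlook's blocked DNS lookups) can be pulled out of a log export mechanically. The following is an added example, not part of the original post and not Comodo code: it assumes the field layout shown above, the function names are my own, and the sample is constructed, with the explorer.exe/firefox.exe record invented as a benign contrast.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log above; the explorer.exe/firefox.exe
# record is invented (not from the post) as a benign contrast case.
SAMPLE = r"""
Date/Time :2007-07-16 19:39:39
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (OUTLOOK.EXE)
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Details: C:\WINDOWS\raova.exe modified the memory of C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE in memory.

Date/Time :2007-07-16 19:40:06
Reporter :Application Monitor
Description: Application Access Denied (OUTLOOK.EXE:192.168.0.1: :dns(53))
Application: C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
Parent: C:\WINDOWS\raova.exe
Destination: 192.168.0.1::dns(53)

Date/Time :2007-07-16 19:41:00
Reporter :Application Monitor
Description: Application Access Denied (firefox.exe:192.168.0.1: :dns(53))
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
"""

def parse_records(text):
    """Split on blank lines; each 'Key :value' / 'Key: value' line becomes a field."""
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines() if ":" in line)
        yield {k.strip(): v.strip() for k, _, v in pairs}

def summarize(text):
    """Per (parent, application): memory-modification and denied-access counts, time span."""
    out = defaultdict(lambda: {"injected": 0, "denied": 0, "first": None, "last": None})
    for rec in parse_records(text):
        s = out[(rec.get("Parent", "").lower(), rec.get("Application", "").lower())]
        s["injected"] += "modified the memory of" in rec.get("Details", "")
        s["denied"] += rec.get("Description", "").startswith("Application Access Denied")
        ts = rec.get("Date/Time")  # ISO-style timestamps compare correctly as strings
        if ts:
            s["first"], s["last"] = min(s["first"] or ts, ts), max(s["last"] or ts, ts)
    return dict(out)

def injection_suspects(text):
    """Parents logged both modifying a process's memory and as parent of its blocked traffic."""
    return sorted({p for (p, _), s in summarize(text).items()
                   if s["injected"] and s["denied"]})
```

A parent that appears only with denied connections, like the invented explorer.exe record, is not flagged; it is the combination with a memory-modification entry that singles out raova.exe.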

Wow, not many hits in Google about those files…

Try uploading it to http://www.virustotal.com/ and see if you can gather some info that way.

Note: Ah, I see that filename in a German blog here: http://uweziegenhagen.blogspot.com/
I’ll try and translate the basics for you:
He executed a setup.exe that was scanned with McAfee prior to that.
Suddenly several files (irc.exe for example) tried to connect to the internet.
Some new processes were running in the background (manager.exe and urlmon.exe).
He found a folder called “setup” on his hard drive containing files like manager.exe, hosts.exe, download.exe and irc.exe.
He had a strange pop-up after a reboot reminding him of an IE update.
He then found those two files you mentioned, uploaded them to virustotal and 7 of the scanners reported: HEUR/Crypted, Trojan.Small-2868, SHeur.ND, Trojan-Spy.Win32.Delf.JQ, TrojanSpy:Win32/Logsnif.gen.

Now the “useful” information about this issue stops.

Well luckily I haven’t gone too far with this install, so I recovered with an Acronis image I created just after I got all of my updates and drivers in place. Now I’m test installing everything on a virtual pc to see what caused it to appear…