Database Breach - An Update

[grodmanen]

In response to post #31968650.

Zugmaster wrote: Has there still been any info about what that suspicious dsound.dll file does? If it carried a payload, it would be very important to know what it contains, where it installed it and what ones affected should do.

E: or did anyone run it through VirusTotal at least? If so, result links would be nice.

I am also curious to hear about news regarding the suspicious dsound.dll file

[sauron0000]

Someone was trying to login using my Nexus account shortly after the breach. That followed by other attempts to login to other online accounts that use my email address recorded on the Nexus. Luckily this person failed to gain access and just ended up locking out my accounts.

 

This breach would explain a lot.

Edited December 14, 2015 by sauron0000

[AdraxasNazaron]

In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755, #31735675, #31736475, #31737125, #31745975, #31747430, #31762590, #31770575, #31770655, #31770875, #31775185, #31778925, #31779245, #31780640, #31785130, #31785185, #31786765, #31806700, #31808850, #31811630, #31817170, #31846715, #31849190, #31856815, #31866030, #31877395, #31877985, #31881445, #31885980, #31893710, #31897225, #31899965, #31901575, #31906245, #31910235, #31914830, #31930150, #31951615 are all replies on the same post.

rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.

JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.

Lokie7 wrote: I second this, entirely. Well said.

Netsplite wrote: ^ +1

ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers.

Inboundwhisper wrote: +1

Inboundwhisper wrote: +1

Aricole wrote: +1

lordmanticore wrote: +1

btgbullseye wrote: +1

xenonblade wrote: +1

AlexZander40 wrote: Well said. May the modding goodness continue.

DFX2K9 wrote: Agreed. no matter who you are, and how much money you've got, you're going to get a breach at some point. At least you salted the passwords, and use a hashing algorithm..

More then I can say for my local Library's system. A breach in THAT database would be catastrophic (note, it sends you your old password via email, that should give you an idea of how terrible it is)

Legion563 wrote: +1.

ExtremeMod911 wrote: Absolutely :)

Domifax wrote: +1

Bernt wrote: Totally agree :)

Dragodian777 wrote: "Ditto"...well said.

Saltamontes1980 wrote: +1
I concur, thank you Dark0ne.

dagstar132 wrote: good point well made. transparency in operation and intention is paramount.

Thanks for sharing.

Dag

JD777 wrote: +(1 X infinity) :)

JD777 wrote: Sorry double post but no delete button. :(

MTZGG wrote: Ad Victoriam.

Mycu wrote: 100% agreed.

Mindprobe24 wrote: +1, nice words dude ;)

Jn_Panower wrote: +1 !

Stargazer2893 wrote: +1

Erez747 wrote: +1 Couldn't have said it better myself. :)

Slimysumocow wrote: Definitely +1 for the wonderful Dark0ne and the rest of the Nexus team! Thank you guys!

EWM333 wrote: well said Richard, this is a great community. Thanks Robin for giving modders and gamers a way to play games on a higher level

MooseUpNorth wrote: Very well said. +1

Bram1970 wrote: +1

grimgagorim wrote: +1 well said, well said

Terafir wrote: I only signed up for this site about 3 weeks ago. So it made me a bit wary on what was going on. But, as everything was extremely clearly said and given, I have no concerns whatsoever about the security of the site.

It's not often that things are spoken so clearly and honestly from any company.

+1

Arksum007 wrote: While I have not been a member before this year I have found that this site is great the constant updates are amazing and like everyone else is saying that being treated like a real person is a great benefit for me and makes me want to continue using this site for finding all my mods. thanks for the update and keep up the good work!

padawanjedi wrote: +1

shinru2004 wrote: +1 ^

kev999 wrote: I second rickman. Well done, Team Nexus.

zidders wrote: Well said.

LogikBomb wrote: Hear, hear

ijc1927 wrote: Excellently put. +1

conjior wrote: +1 as well! Treat people like people.
Thanks again to the Nexus community and the Nexus team!
I love this place! :)

rimshot47 wrote: nice recap of a potentially ugly situation.. Not sure what provokes hackers to do this...

Blake81 wrote: The Lulz.

The ones doing this kind of stuff are usually Script Kiddies looking for a scrap of fame, or just for the wicked accomplishment of looking at these news and cackling while they wish they had a dastardly whiplash they could twirl.

+1
thank you robin for all the information

[ZeroBoogie1]

In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755, #31735675, #31736475, #31737125, #31745975, #31747430, #31762590, #31770575, #31770655, #31770875, #31775185, #31778925, #31779245, #31780640, #31785130, #31785185, #31786765, #31806700, #31808850, #31811630, #31817170, #31846715, #31849190, #31856815, #31866030, #31877395, #31877985, #31881445, #31885980, #31893710, #31897225, #31899965, #31901575, #31906245, #31910235, #31914830, #31930150, #31951615, #31978895 are all replies on the same post.

rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.

JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.

Lokie7 wrote: I second this, entirely. Well said.

Netsplite wrote: ^ +1

ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers.

Inboundwhisper wrote: +1

Inboundwhisper wrote: +1

Aricole wrote: +1

lordmanticore wrote: +1

btgbullseye wrote: +1

xenonblade wrote: +1

AlexZander40 wrote: Well said. May the modding goodness continue.

DFX2K9 wrote: Agreed. no matter who you are, and how much money you've got, you're going to get a breach at some point. At least you salted the passwords, and use a hashing algorithm..

More then I can say for my local Library's system. A breach in THAT database would be catastrophic (note, it sends you your old password via email, that should give you an idea of how terrible it is)

Legion563 wrote: +1.

ExtremeMod911 wrote: Absolutely :)

Domifax wrote: +1

Bernt wrote: Totally agree :)

Dragodian777 wrote: "Ditto"...well said.

Saltamontes1980 wrote: +1
I concur, thank you Dark0ne.

dagstar132 wrote: good point well made. transparency in operation and intention is paramount.

Thanks for sharing.

Dag

JD777 wrote: +(1 X infinity) :)

JD777 wrote: Sorry double post but no delete button. :(

MTZGG wrote: Ad Victoriam.

Mycu wrote: 100% agreed.

Mindprobe24 wrote: +1, nice words dude ;)

Jn_Panower wrote: +1 !

Stargazer2893 wrote: +1

Erez747 wrote: +1 Couldn't have said it better myself. :)

Slimysumocow wrote: Definitely +1 for the wonderful Dark0ne and the rest of the Nexus team! Thank you guys!

EWM333 wrote: well said Richard, this is a great community. Thanks Robin for giving modders and gamers a way to play games on a higher level

MooseUpNorth wrote: Very well said. +1

Bram1970 wrote: +1

grimgagorim wrote: +1 well said, well said

Terafir wrote: I only signed up for this site about 3 weeks ago. So it made me a bit wary on what was going on. But, as everything was extremely clearly said and given, I have no concerns whatsoever about the security of the site.

It's not often that things are spoken so clearly and honestly from any company.

+1

Arksum007 wrote: While I have not been a member before this year I have found that this site is great the constant updates are amazing and like everyone else is saying that being treated like a real person is a great benefit for me and makes me want to continue using this site for finding all my mods. thanks for the update and keep up the good work!

padawanjedi wrote: +1

shinru2004 wrote: +1 ^

kev999 wrote: I second rickman. Well done, Team Nexus.

zidders wrote: Well said.

LogikBomb wrote: Hear, hear

ijc1927 wrote: Excellently put. +1

conjior wrote: +1 as well! Treat people like people.
Thanks again to the Nexus community and the Nexus team!
I love this place! :)

rimshot47 wrote: nice recap of a potentially ugly situation.. Not sure what provokes hackers to do this...

Blake81 wrote: The Lulz.

The ones doing this kind of stuff are usually Script Kiddies looking for a scrap of fame, or just for the wicked accomplishment of looking at these news and cackling while they wish they had a dastardly whiplash they could twirl.

qqq122 wrote: +1
thank you robin for all the information

The same for me, my feelings exactly.

Mileniumman

[MartineV]

How would a compromised dll file contained in a mod actually infect a PC. As far as I know, most mods do not execute code do they?

[seba1337]

In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755, #31735675, #31736475, #31737125, #31745975, #31747430, #31762590, #31770575, #31770655, #31770875, #31775185, #31778925, #31779245, #31780640, #31785130, #31785185, #31786765, #31806700, #31808850, #31811630, #31817170, #31846715, #31849190, #31856815, #31866030, #31877395, #31877985, #31881445, #31885980, #31893710, #31897225, #31899965, #31901575, #31906245, #31910235, #31914830, #31930150, #31951615, #31978895, #31980730 are all replies on the same post.

rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.

JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.

Lokie7 wrote: I second this, entirely. Well said.

Netsplite wrote: ^ +1

ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers.

Inboundwhisper wrote: +1

Inboundwhisper wrote: +1

Aricole wrote: +1

lordmanticore wrote: +1

btgbullseye wrote: +1

xenonblade wrote: +1

AlexZander40 wrote: Well said. May the modding goodness continue.

DFX2K9 wrote: Agreed. no matter who you are, and how much money you've got, you're going to get a breach at some point. At least you salted the passwords, and use a hashing algorithm..

More then I can say for my local Library's system. A breach in THAT database would be catastrophic (note, it sends you your old password via email, that should give you an idea of how terrible it is)

Legion563 wrote: +1.

ExtremeMod911 wrote: Absolutely :)

Domifax wrote: +1

Bernt wrote: Totally agree :)

Dragodian777 wrote: "Ditto"...well said.

Saltamontes1980 wrote: +1
I concur, thank you Dark0ne.

dagstar132 wrote: good point well made. transparency in operation and intention is paramount.

Thanks for sharing.

Dag

JD777 wrote: +(1 X infinity) :)

JD777 wrote: Sorry double post but no delete button. :(

MTZGG wrote: Ad Victoriam.

Mycu wrote: 100% agreed.

Mindprobe24 wrote: +1, nice words dude ;)

Jn_Panower wrote: +1 !

Stargazer2893 wrote: +1

Erez747 wrote: +1 Couldn't have said it better myself. :)

Slimysumocow wrote: Definitely +1 for the wonderful Dark0ne and the rest of the Nexus team! Thank you guys!

EWM333 wrote: well said Richard, this is a great community. Thanks Robin for giving modders and gamers a way to play games on a higher level

MooseUpNorth wrote: Very well said. +1

Bram1970 wrote: +1

grimgagorim wrote: +1 well said, well said

Terafir wrote: I only signed up for this site about 3 weeks ago. So it made me a bit wary on what was going on. But, as everything was extremely clearly said and given, I have no concerns whatsoever about the security of the site.

It's not often that things are spoken so clearly and honestly from any company.

+1

Arksum007 wrote: While I have not been a member before this year I have found that this site is great the constant updates are amazing and like everyone else is saying that being treated like a real person is a great benefit for me and makes me want to continue using this site for finding all my mods. thanks for the update and keep up the good work!

padawanjedi wrote: +1

shinru2004 wrote: +1 ^

kev999 wrote: I second rickman. Well done, Team Nexus.

zidders wrote: Well said.

LogikBomb wrote: Hear, hear

ijc1927 wrote: Excellently put. +1

conjior wrote: +1 as well! Treat people like people.
Thanks again to the Nexus community and the Nexus team!
I love this place! :)

rimshot47 wrote: nice recap of a potentially ugly situation.. Not sure what provokes hackers to do this...

Blake81 wrote: The Lulz.

The ones doing this kind of stuff are usually Script Kiddies looking for a scrap of fame, or just for the wicked accomplishment of looking at these news and cackling while they wish they had a dastardly whiplash they could twirl.

qqq122 wrote: +1
thank you robin for all the information

Mileniumman wrote: The same for me, my feelings exactly.

Mileniumman

Damn right! +10

[Toft]

In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755, #31735675, #31736475, #31737125, #31745975, #31747430, #31762590, #31770575, #31770655, #31770875, #31775185, #31778925, #31779245, #31780640, #31785130, #31785185, #31786765, #31806700, #31808850, #31811630, #31817170, #31846715, #31849190, #31856815, #31866030, #31877395, #31877985, #31881445, #31885980, #31893710, #31897225, #31899965, #31901575, #31906245, #31910235, #31914830, #31930150, #31951615, #31978895, #31980730, #31990045 are all replies on the same post.

rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.

JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.

Lokie7 wrote: I second this, entirely. Well said.

Netsplite wrote: ^ +1

ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers.

Inboundwhisper wrote: +1

Inboundwhisper wrote: +1

Aricole wrote: +1

lordmanticore wrote: +1

btgbullseye wrote: +1

xenonblade wrote: +1

AlexZander40 wrote: Well said. May the modding goodness continue.

DFX2K9 wrote: Agreed. no matter who you are, and how much money you've got, you're going to get a breach at some point. At least you salted the passwords, and use a hashing algorithm..

More then I can say for my local Library's system. A breach in THAT database would be catastrophic (note, it sends you your old password via email, that should give you an idea of how terrible it is)

Legion563 wrote: +1.

ExtremeMod911 wrote: Absolutely :)

Domifax wrote: +1

Bernt wrote: Totally agree :)

Dragodian777 wrote: "Ditto"...well said.

Saltamontes1980 wrote: +1
I concur, thank you Dark0ne.

dagstar132 wrote: good point well made. transparency in operation and intention is paramount.

Thanks for sharing.

Dag

JD777 wrote: +(1 X infinity) :)

JD777 wrote: Sorry double post but no delete button. :(

MTZGG wrote: Ad Victoriam.

Mycu wrote: 100% agreed.

Mindprobe24 wrote: +1, nice words dude ;)

Jn_Panower wrote: +1 !

Stargazer2893 wrote: +1

Erez747 wrote: +1 Couldn't have said it better myself. :)

Slimysumocow wrote: Definitely +1 for the wonderful Dark0ne and the rest of the Nexus team! Thank you guys!

EWM333 wrote: well said Richard, this is a great community. Thanks Robin for giving modders and gamers a way to play games on a higher level

MooseUpNorth wrote: Very well said. +1

Bram1970 wrote: +1

grimgagorim wrote: +1 well said, well said

Terafir wrote: I only signed up for this site about 3 weeks ago. So it made me a bit wary on what was going on. But, as everything was extremely clearly said and given, I have no concerns whatsoever about the security of the site.

It's not often that things are spoken so clearly and honestly from any company.

+1

Arksum007 wrote: While I have not been a member before this year I have found that this site is great the constant updates are amazing and like everyone else is saying that being treated like a real person is a great benefit for me and makes me want to continue using this site for finding all my mods. thanks for the update and keep up the good work!

padawanjedi wrote: +1

shinru2004 wrote: +1 ^

kev999 wrote: I second rickman. Well done, Team Nexus.

zidders wrote: Well said.

LogikBomb wrote: Hear, hear

ijc1927 wrote: Excellently put. +1

conjior wrote: +1 as well! Treat people like people.
Thanks again to the Nexus community and the Nexus team!
I love this place! :)

rimshot47 wrote: nice recap of a potentially ugly situation.. Not sure what provokes hackers to do this...

Blake81 wrote: The Lulz.

The ones doing this kind of stuff are usually Script Kiddies looking for a scrap of fame, or just for the wicked accomplishment of looking at these news and cackling while they wish they had a dastardly whiplash they could twirl.

qqq122 wrote: +1
thank you robin for all the information

Mileniumman wrote: The same for me, my feelings exactly.

Mileniumman

seba1337 wrote: Damn right! +10

+1 and very well said

Simon (Toft)

[Lioness446]

I searched my computer and found a dsound.dll file, but I am not sure if it's a suspicous file or something my computer needs. I opened it in Notepad and found this:

ˆ €   € ¸ È Ø Hh ð d ² a |

W E V T _ T E M P L A T E M U I |4 V S _ V E R S I O N _ I N F O ½ïþ @° @°? Ú S t r i n g F i l e I n f o ¶ 0 4 0 9 0 4 B 0 L C o m p a n y N a m e M i c r o s o f t C o r p o r a t i o n @ F i l e D e s c r i p t i o n D i r e c t S o u n d l & F i l e V e r s i o n 6 . 1 . 7 6 0 0 . 1 6 3 8 5 ( w i n 7 _ r t m . 0 9 0 7 1 3 - 1 2 5 5 ) 8 I n t e r n a l N a m e D i r e c t S o u n d € . L e g a l C o p y r i g h t © M i c r o s o f t C o r p o r a t i o n . A l l r i g h t s r e s e r v e d . > O r i g i n a l F i l e n a m e d s o u n d . d l l j % P r o d u c t N a m e M i c r o s o f t ® W i n d o w s ® O p e r a t i n g S y s t e m B P r o d u c t V e r s i o n 6 . 1 . 7 6 0 0 . 1 6 3 8 5 D V a r F i l e I n f o $ T r a n s l a t i o n ° CRIM° Kµ“ŠZǵI¥¾`q[3$ WEVTŒ Œ ô Ü è ( 4 @ CHANh ¨ ÿÿÿÿL M i c r o s o f t - W i n d o w s - D i r e c t S o u n d / D e b u g TTBLè TEMPP P Òêyg¦Ø»$ž<[ 7øJ. ÿÿ D‚ E v e n t D a t a TEMPŒ a\û { ?¬~dcüò

. Aÿÿ D‚ E v e n t D a t a ´ FMw x m l n s : a u t o - n s 2 / h t t p : / / s c h e m a s . m i c r o s o f t . c o m / w i n / 2 0 0 4 / 0 8 / e v e n t s ¼ x m l n s

D i r e c t S o u n d N S ÿÿ

h r

ÿÿ [k h r S t r i n g

¸ Ä h r h r S t r i n g OPCO LEVL@ P ( w i n : I n f o r m a t i o n a l TASK KEYW EVNTp € ° ô ˜ € °P ô ˜ ÍþÍþ𠆔›³žxn`¡è9:¹'6[²æ[àG¤Ã uhl.…· ˆ * ¸ À Ð à W E V T _ T E M P L A T E M U I M U I e n - U S

 

And this...

 

DSOUND.dll DirectSoundCaptureCreate DirectSoundCaptureCreate8 DirectSoundCaptureEnumerateA DirectSoundCaptureEnumerateW DirectSoundCreate DirectSoundCreate8 DirectSoundEnumerateA DirectSoundEnumerateW DirectSoundFullDuplexCreate DllCanUnloadNow DllGetClassObject GetDeviceID

 

Does this mean it's legit, or should I delete it?

Edited December 15, 2015 by Lioness446

[RedDragon53]

Being brand new to this site, I'm impressed by the professional layout and feel of the forum. I think I'm going to like visiting more often. Thanks

[electricpanda14]

In response to post #31999465.

Lioness446 wrote: I searched my computer and found a dsound.dll file, but I am not sure if it's a suspicous file or something my computer needs. I opened it in Notepad and found this:
ˆ €   € ¸ È Ø Hh ð d ² a |
W E V T _ T E M P L A T E M U I |4 V S _ V E R S I O N _ I N F O ½ïþ @° @°? Ú S t r i n g F i l e I n f o ¶ 0 4 0 9 0 4 B 0 L C o m p a n y N a m e M i c r o s o f t C o r p o r a t i o n @ F i l e D e s c r i p t i o n D i r e c t S o u n d l & F i l e V e r s i o n 6 . 1 . 7 6 0 0 . 1 6 3 8 5 ( w i n 7 _ r t m . 0 9 0 7 1 3 - 1 2 5 5 ) 8 I n t e r n a l N a m e D i r e c t S o u n d € . L e g a l C o p y r i g h t © M i c r o s o f t C o r p o r a t i o n . A l l r i g h t s r e s e r v e d . > O r i g i n a l F i l e n a m e d s o u n d . d l l j % P r o d u c t N a m e M i c r o s o f t ® W i n d o w s ® O p e r a t i n g S y s t e m B P r o d u c t V e r s i o n 6 . 1 . 7 6 0 0 . 1 6 3 8 5 D V a r F i l e I n f o $ T r a n s l a t i o n ° CRIM° Kµ“ŠZǵI¥¾`q[3$ WEVTŒ Œ ô Ü è ( 4 @ CHANh ¨ ÿÿÿÿL M i c r o s o f t - W i n d o w s - D i r e c t S o u n d / D e b u g TTBLè TEMPP P Òêyg¦Ø»$ž<[ 7øJ. ÿÿ D‚ E v e n t D a t a TEMPŒ a\û { ?¬~dcüò
. Aÿÿ D‚ E v e n t D a t a ´ FMw x m l n s : a u t o - n s 2 / h t t p : / / s c h e m a s . m i c r o s o f t . c o m / w i n / 2 0 0 4 / 0 8 / e v e n t s ¼ x m l n s
D i r e c t S o u n d N S ÿÿ
h r
ÿÿ [k h r S t r i n g
¸ Ä h r h r S t r i n g OPCO LEVL@ P ( w i n : I n f o r m a t i o n a l TASK KEYW EVNTp € ° ô ˜ € °P ô ˜ ÍþÍþ𠆔›³žxn`¡è9:¹'6[²æ[àG¤Ã uhl.…· ˆ * ¸ À Ð à W E V T _ T E M P L A T E M U I M U I e n - U S

And this...

DSOUND.dll DirectSoundCaptureCreate DirectSoundCaptureCreate8 DirectSoundCaptureEnumerateA DirectSoundCaptureEnumerateW DirectSoundCreate DirectSoundCreate8 DirectSoundEnumerateA DirectSoundEnumerateW DirectSoundFullDuplexCreate DllCanUnloadNow DllGetClassObject GetDeviceID

Does this mean it's legit, or should I delete it?

I found quite a few dsoun.dll files in my windows files. For now, I would just stick with some sort of antivirus and scan your computer, because I dont think a mod actually can contain any exes to make it install in that directory.