OK well I was like... ok so according to that thing the easiest way to bypass it is to stop it from loading.. then I got another idea.. what if I closed it?.. well I looked and there was no EXE for it.. then I found ehsvc.dll in the folder for Hshield and IN Combat Arms, meaning Hshield injected it.. (this comes by if you stop Hshield from loading - if Combat Arms loaded it, it would still load it)... thus I began my tests..
Some basic tips:
Don't use ollydbg to debug this dll.. it causes a system-wide no-BSOD crash (lost like 2 hours of work..)
Apparently the following things fail:
1. Unloading it once it's made the D3d
2. Replacing the whole thing with NOP once it's loaded the D3d
3. Editing the name - HS compiles it from scratch that it loads from the internet on every load.
Not sure what else there is 'cause I can't see its ASM or watch its functions 'cause it's EVIL.. (also this means odds are you can just stop it from being able to inject the dll.. this is MUCH more up the alley of a lot of you hackers, seeing as you do stuff with injectors and their sources all the time.)
Any more ideas, feel free to share them.. (will work on it some more tomorrow night.. I got school in like.. 4 hours and need 4 hours of sleep very badly)