Well, I don't think that the dll had any real protection apart from the Themida packing.
There's probably some static signature in the dll or alteration to game memory that can be detected.
Although Darky could just mess with the dll header, change the size, the hook location... And have it undetected again in 5 minutes. (Well, depending on how it's being detected.)
Does BE still use ModuleFirst, ModuleNext and the ToolHelp funcs to iterate through the dlls?