  #4  
Old 08-17-2004, 22:49
hashshah
 
IAT problem

I'm new to this forum and can't get attachments, so I don't know how to find the exact version. What I know about my program:
1. was written in VB;
2. calls WriteProcessMemory 2 times with 2 bytes;
3. can't run the detached process without renaming Olly;
4. rewrites calls to some functions with anti-debugging code;
5. has strange anti-disassembly code jumping into the middle of commands.

What I did:
detached with ActiveProcessStop;
broke in the .text section at push ebp... and dumped;
used ImpRec to change unknown functions with +64h to the original DLL's;
deleted calls to {a: jump b; b: jump c; c: jump a} and others which, I think, do dillo work for unpacking(?) or were too hard for me to understand, because they must not be called if the program is working without the shell?

I'm a newbie;
don't beat me hard - I can't connect to ricnar (DNS reports IP 0.0.0.0)
and the Internet gives nothing useful, Olly scripts crash, Armadumpers/killers are written for earlier versions.
So I'm trying the forums.