Thread: ActiveM***
  #3  
03-03-2005, 07:57
imagin
 
1) Start the program and dump it with PETools (or LordPE)
2) Find OEP in dumped.exe (PEiD - detect)
2) Launch ImpRec on the running program
3) Find IAT
3) Fix dump Dumped.exe -> Dumped_.exe

EDIT:
OEP second layer?
Everyone writes up his search differently - by TRW and SoftICE - I have XP so TRW is no use - I examine it in Olly - but I don't know how to find the OEP for the second layer

Last edited by imagin; 03-03-2005 at 19:48.