I'm sorry, but I can't reproduce the loading of vbscript.dll with the WebGadget... All I found with
Since the WebGadget was loaded with "OleCreate(Microsoft Web Browser <Shell.Explorer.2>, ...)" maybe take a closer look at COM (Ole32.dll)
Code: Select all
web.exe, 0x400000, 64 kB,
advapi32.dll, 0x75ac0000, 644 kB, Advanced Windows 32 Base API
api-ms-win-core-synch-l1-2-0.dll, 0x6e360000, 12 kB, ApiSet Stub DLL
apisetschema.dll, 0x40000, 4 kB, ApiSet Schema DLL
apphelp.dll, 0x712f0000, 304 kB, Application Compatibility Client Library
atl.dll, 0x6a920000, 80 kB, ATL Module for Windows XP (Unicode)
AudioSes.dll, 0x71d50000, 216 kB, Audio Session
avrt.dll, 0x71200000, 28 kB, Multimedia Realtime Runtime
bcrypt.dll, 0x6c520000, 92 kB, Windows Cryptographic Primitives Library (Wow64)
bcryptprimitives.dll, 0x6c4e0000, 244 kB, Windows Cryptographic Primitives Library
cfgmgr32.dll, 0x77720000, 156 kB, Configuration Manager DLL
clbcatq.dll, 0x75b70000, 524 kB, COM+ Configuration Catalog
comctl32.dll, 0x73180000, 1,62 MB, User Experience Controls Library
credssp.dll, 0x6a770000, 32 kB, Credential Delegation Security Package
crypt32.dll, 0x76a40000, 1,13 MB, Crypto API32
crypt32.dll.mui, 0x27e0000, 40 kB, Crypto API32
cryptbase.dll, 0x758a0000, 48 kB, Base cryptographic API DLL
cryptnet.dll, 0x658e0000, 116 kB, Crypto Network Related API
cryptsp.dll, 0x6c940000, 92 kB, Cryptographic Service Provider API
C_20127.NLS, 0x34c0000, 68 kB,
dciman32.dll, 0x6f410000, 24 kB, DCI Manager
ddraw.dll, 0x6f420000, 924 kB, Microsoft DirectDraw
ddraw.dll.mui, 0x5520000, 4 kB, Microsoft DirectDraw
ddrawex.dll, 0x6f510000, 40 kB, Direct Draw Ex
devobj.dll, 0x76980000, 72 kB, Device Information Set DLL
dnsapi.dll, 0x6ca40000, 272 kB, DNS Client API DLL
dwmapi.dll, 0x73040000, 76 kB, Microsoft Desktop Window Manager API
dxtmsft.dll, 0x6e300000, 348 kB, DirectX Media -- Image DirectX Transforms
dxtrans.dll, 0x6f520000, 228 kB, DirectX Media -- DirectX Transform Core
FWPUCLNT.DLL, 0x6a870000, 224 kB, FWP/IPsec User-Mode API
gdi32.dll, 0x768f0000, 576 kB, GDI Client DLL
GdiPlus.dll, 0x72b80000, 1,57 MB, Microsoft GDI+
gpapi.dll, 0x65900000, 88 kB, Group Policy Client API
ieframe.dll, 0x6fcf0000, 10,54 MB, Internet Browser
ieframe.dll.mui, 0x2550000, 1,19 MB, Internet Browser
iertutil.dll, 0x76be0000, 2 MB, Run time utility for Internet Explorer
imgutil.dll, 0x6f570000, 44 kB, IE plugin image decoder support DLL
imm32.dll, 0x76df0000, 384 kB, Multi-User Windows IMM32 API Client DLL
index.dat, 0x2d0000, 32 kB,
index.dat, 0x480000, 176 kB,
index.dat, 0x2350000, 1,36 MB,
index.dat, 0x3c40000, 32 kB,
index.dat, 0x98c0000, 48 kB,
IPHLPAPI.DLL, 0x73160000, 112 kB, IP Helper API
jscript.dll, 0x6f580000, 712 kB, Microsoft ® JScript
jscript.dll.mui, 0x34e0000, 16 kB, Microsoft ® JScript
kernel32.dll, 0x75910000, 1,06 MB, Windows NT BASE API Client DLL
KernelBase.dll, 0x77290000, 284 kB, Windows NT BASE API Client DLL
KernelBase.dll.mui, 0x48f0000, 768 kB, Windows NT BASE API Client DLL
ksuser.dll, 0x6a8b0000, 16 kB, User CSA Library
locale.nls, 0x410000, 412 kB,
lpk.dll, 0x76e50000, 40 kB, Language Pack
midimap.dll, 0x6f640000, 28 kB, Microsoft MIDI Mapper
mlang.dll, 0x6f6b0000, 184 kB, Multi Language Support DLL
mlang.dll.mui, 0x1de0000, 16 kB, Multi Language Support DLL
MMDevAPI.dll, 0x71d90000, 228 kB, MMDevice API
MMDevAPI.dll.mui, 0x2680000, 4 kB, MMDevice API
msacm32.dll, 0x72850000, 80 kB, Microsoft ACM Audio Filter
msacm32.drv, 0x6f650000, 32 kB, Microsoft Sound Mapper
msasn1.dll, 0x774c0000, 48 kB, ASN.1 Runtime APIs
msctf.dll, 0x77750000, 820 kB, MSCTF Server DLL
mshtml.dll, 0x6f720000, 5,77 MB, Microsoft (R) HTML Viewer
mshtml.dll.mui, 0x5460000, 4 kB, Microsoft (R) HTML Viewer
mshtml.tlb, 0x4750000, 1,57 MB, Microsoft® MSHTML Typelib
msimg32.dll, 0x73530000, 20 kB, GDIEXT Client DLL
msimtf.dll, 0x6f6e0000, 44 kB, Active IMM Server DLL
msls31.dll, 0x6f6f0000, 168 kB, Microsoft Line Services library file
msvcrt.dll, 0x772e0000, 688 kB, Windows NT CRT DLL
mswsock.dll, 0x72180000, 240 kB, Microsoft Windows Sockets 2.0 Service Provider
NapiNSP.dll, 0x6ca20000, 64 kB, E-mail Naming Shim Provider
ncrypt.dll, 0x6ad90000, 228 kB, Windows cryptographic library
nlaapi.dll, 0x6ca30000, 64 kB, Network Location Awareness 2
normaliz.dll, 0x76b70000, 12 kB, Unicode Normalization DLL
nsi.dll, 0x779c0000, 24 kB, NSI User-mode interface DLL
ntdll.dll, 0x77bf0000, 1,62 MB, NT Layer DLL
ntdll.dll, 0x77db0000, 1,5 MB, NT Layer DLL
ntmarta.dll, 0x72f10000, 132 kB, Windows NT MARTA provider
nvd3dum.dll, 0x6e370000, 16,61 MB, NVIDIA WDDM D3D Driver, Version 418.99
ole32.dll, 0x77000000, 1,37 MB, Microsoft OLE for Windows
oleacc.dll, 0x734f0000, 240 kB, Active Accessibility Core Component
oleaccrc.dll, 0x1f0000, 4 kB, Active Accessibility Resource DLL
oleaut32.dll, 0x774d0000, 580 kB,
pngfilt.dll, 0x6f560000, 56 kB, IE PNG plugin image decoder
pnrpnsp.dll, 0x6ca00000, 72 kB, PNRP Name Space Provider
powrprof.dll, 0x73940000, 148 kB, Power Profile Helper DLL
profapi.dll, 0x6cbd0000, 44 kB, User Profile Basic API
propsys.dll, 0x72f40000, 980 kB, Microsoft Property System
psapi.dll, 0x768e0000, 20 kB, Process Status Helper
rasadhlp.dll, 0x6a940000, 24 kB, Remote Access AutoDial Helper
rasapi32.dll, 0x6a9c0000, 328 kB, Remote Access API
rasman.dll, 0x6a9a0000, 84 kB, Remote Access Connection Manager
rpcrt4.dll, 0x77160000, 960 kB, Remote Procedure Call Runtime
RpcRtRemote.dll, 0x6c8f0000, 56 kB, Remote RPC Extension
rsaenh.dll, 0x6c900000, 236 kB, Microsoft Enhanced Cryptographic Provider
rtutils.dll, 0x6f670000, 52 kB, Routing Utilities
schannel.dll, 0x70c20000, 260 kB, TLS / SSL Security Provider
sechost.dll, 0x76a20000, 100 kB, Host for SCM/SDDL/LSA Lookup APIs
secur32.dll, 0x73430000, 32 kB, Security Support Provider Interface
SensApi.dll, 0x6f660000, 24 kB, SENS Connectivity API DLL
setupapi.dll, 0x77820000, 1,61 MB, Windows Setup API
setupapi.dll.mui, 0x24f0000, 52 kB, Windows Setup API
shell32.dll, 0x75c00000, 12,3 MB, Windows Shell Common Dll
shell32.dll.mui, 0x5400000, 368 kB, Windows Shell Common Dll
shlwapi.dll, 0x76b80000, 348 kB, Shell Light-weight Utility Library
SortDefault.nls, 0x1f80000, 2,81 MB,
sspicli.dll, 0x758b0000, 384 kB, Security Support Provider Interface
StaticCache.dat, 0x5d70000, 9,31 MB,
stdole2.tlb, 0x27f0000, 16 kB,
sxs.dll, 0x71cf0000, 380 kB, Fusion 2.5
t2embed.dll, 0x6e2e0000, 120 kB, Microsoft T2Embed Font Embedding
urlmon.dll, 0x76e60000, 1,25 MB, OLE32 Extensions for Win32
urlmon.dll.mui, 0x4b0000, 32 kB, OLE32 Extensions for Win32
user32.dll, 0x773c0000, 1 MB, Multi-User Windows USER API Client DLL
user32.dll.mui, 0x3d50000, 20 kB, Multi-User Windows USER API Client DLL
userenv.dll, 0x6cbe0000, 92 kB, Userenv
usp10.dll, 0x75a20000, 628 kB, Uniscribe Unicode script processor
uxtheme.dll, 0x73060000, 512 kB, Microsoft UxTheme Library
version.dll, 0x73140000, 36 kB, Version Checking and File Installation Libraries
wdmaud.drv, 0x6f680000, 192 kB, Winmm audio system driver
wdmaud.drv.mui, 0x2500000, 4 kB, Winmm audio system driver
wininet.dll, 0x77570000, 980 kB, Internet Extensions for Win32
winmm.dll, 0x739f0000, 200 kB, MCI API DLL
winmm.dll.mui, 0x1df0000, 24 kB, MCI API DLL
winnsi.dll, 0x73150000, 28 kB, Network Store Information RPC interface
winrnr.dll, 0x6c9f0000, 32 kB, LDAP RnR Provider DLL
wintrust.dll, 0x77670000, 188 kB, Microsoft Trust Verification APIs
Wldap32.dll, 0x769d0000, 276 kB, Win32 LDAP API DLL
wow64.dll, 0x73380000, 252 kB, Win32 Emulation on NT64
wow64cpu.dll, 0x756d0000, 32 kB, AMD64 Wow64 CPU
wow64win.dll, 0x73320000, 368 kB, Wow64 Console and Win32 API Logging
ws2_32.dll, 0x77250000, 212 kB, Windows Socket 2.0 32-Bit DLL
wship6.dll, 0x72160000, 24 kB, Winsock2 Helper DLL (TL/IPv6)
WSHTCPIP.DLL, 0x733e0000, 20 kB, Winsock2 Helper DLL (TL/IPv4)
xmllite.dll, 0x769a0000, 188 kB, Microsoft XmlLite Library
{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x00000000000002dd.db, 0x98d0000, 124 kB,