Running Windows Defender Offline revealed and took care of an adware infection, but that's not why I'm posting here. During the course of our Web research into the problem, we learned that there is a new IE exploit in the wild, which Microsoft considers serious enough to recommend deploying the Enhanced Mitigation Experience Toolkit (EMET; see the link under "Suggested Actions").
Other places recommended avoiding the use of Internet Explorer until MS issues a fix for the vulnerability. My wife was spooked by the weird behavior the night before, so we decided to play it safe and install both Firefox and EMET on my wife's PC. I already have Firefox (although IE8 is still my default browser) and had downloaded EMET back in July to my Vista machine but had never gotten around to trying it. This was the prod I needed to give it a whirl.
Boy, am I sorry I tried that thing. Within an hour of installing EMET and adding iexplore.exe to its list of applications, a Windows Update icon popped up in my Notification Area. "Oh, maybe Microsoft has already found a fix for this IE problem," I thought. So I clicked on the icon and the usual "Checking Windows Updates" window appeared.
Except that it never actually found anything! Normally, I find out within a few seconds what the Update is, or if there aren't any. But here the "Checking..." notice never stopped, never came to a resolution. It just kept running.
Then, when I clicked on "View Update History" -- there was nothing listed!! Huh?? It claimed that I had "never" installed any updates!?!
I tried System Restore to the point just before EMET was installed, but the restore attempt failed. Next I tried to restore to the previous restore point, a couple of days ago, and that failed too. "Nothing was changed," I think is how the System Restore failure message reads. Wonderful.
An extensive Google search revealed little useful about the situation. I did learn where the Windows Update history log is located (DataStore.epd in Windows --> SoftwareDistribution --> DataStore). The current .EPD file was 80MB in size.
Fortunately I'd done a complete system image at the start of the month, so I went into that to see if recovering the DataStore.epd file from there would help. This seemed promising, as the size of that file is 243MB. So I renamed DataStore.epd to DataStore.bak and extracted the September 1 version to the DataStore directory. This appeared to work, except that the recovered file was now 100MB (not 243, and not 80) and the update history still wasn't showing up.
I went to bed feeling angry and frustrated, reviewing my possibilities for getting back an OS that can get updates. I left the machine running, backing up my data and e-mail files in case I needed to install a system image.
Before going to bed, at some point (it's all a blur now) I uninstalled EMET from my computer.
Slept for little more than four hours , woke up still mulling over what to do. Came back to the computer, saw the Windows Update icon again. With no expectation of improvement, I clicked on it out of curiosity, and -- lo and behold! -- it found and installed a Windows Defender update. (Three updates that I had hidden long ago also showed up again.) So that function seems to have come back, although I still lack the update history and another Google search has uncovered no way to recover it.
Incidentally, my wife had added other applications to the EMET list, including Outlook, Adobe Acrobat, and MS Word, on the theory that she might be downloading or receiving documents of these types via e-mail, so the additional protection provided by EMET might come in handy. But the next time she tried to watch a video online (on CNN), she found that it took forever to load. Opening Word documents was also running like molasses. Removing Acrobat from the EMET list took care of the video issue, and removing Word from the list took care of the molasses. She ended up uninstalling EMET altogether -- it made using her PC an exercise in patience -- and is browsing with Firefox pending a proper IE fix from Microsoft.
User beware. Oh, and I'd still like to know if there is any possible way to recover/restore/retrieve the Windows Update History -- you know, the one that tells you, in a neat chronological list, when you installed the updates and whether the attempts failed or succeeded.
Edited by JorgeA, 19 September 2012 - 09:08 AM.