DNS not working

OK, I am having a problem with DNS and is wondering if anyone has a possible solution besides format/reload.

My system is a Dell Mini 10 running Dell OEM XP Home SP3

I recently recovered from an infection of what was most likely TDSS. Since then DNS has not been resolving.

Full story:
When I first discovered the infection, I ran mbam and AVG - both identified atapi.sys and afd.sys as infected along with some files in the temp and App Data folders. The infection was identified as a TDSS variant. Neither of the above were removing it, so I ran TDSSKiller - however, I had copied it from a USB key and like an idiot I wasn't paying attention and ran it from the key instead of from the desktop. Not realizing what I had done, I accidentally pulled the key before TDSSKiller had finished writing to it. On subsequent reboots the system would BSOD going into Normal or Safe mode with an IRQL_NOT_LESS_OR_EQUAL error.

Luckily I had been testing out Jolicloud (an Ubuntu Netbook Remix variant) on a new partition and was able to expand clean copies of atapi.sys and afd.sys off my Dell Restore CD and get those copied over the infected ones. While I was in the Linux environment I went ahead and cleared the temp files and removed the bad folder from App Data folder.

I was able to reboot into Windows (both in Safe Mode and Normal mode). HOORAY! But now I cannot resolve DNS.

Symptoms:

1. I can browse by IP fine, cannot browse by host name
2. I can ping successfully by IP, but get get "ping request could not find host" when pinging by hostname (I use google.com for pinging since they never drop ICMP)
3. nslookup resolves dns correctly

Attempted fixes (most of these attempted multiple times):

1. Removed/Readded browser to Windows Firewall exception list
2. Disabled Windows Firewall completely
3. Ran Winsockxpfix
4. Ran LSPFix
5. netsh int ip reset resetlog.txt
6. deleted the Winsock and Winsock2 registry keys, reboot
7. netsh winsock reset
8. System Restore to prior to the infection
9. Manually reinstalled Service Pack 3
10. Killed and restarted the DNS Client service
11. ipconfig /flushdns and /registerdns
12. Verified via multiple tools that infection has been removed (Combofix, Rootkit Repealer, HJT, Spybot, GMER, MBAM, AVG)
13. Manually changed DNS servers to both GoogleDNS and OpenDNS
14. And probably a few more I'm forgetting

Now I realize at this point I've been working on this problem for about 15 or 20 hours longer than the 20 minutes or less it would have taken to restore the factory image from the Dell Restore Partition :-o , but it has now become a matter of pride to try to conquer this thing without using the nuclear solution :major

 

Because I want to understand what happened - the underlying cause why, in the face of everything else that has been done, DNS is still not working. This will help me in the future if I encounter this problem again, and it will expand my knowledge. Consider me Sherlock Holmes and this problem my Moriarty - I am not yet ready to go over Reichenbach Falls, if you will.

I have the luxury here of a) still having access to all the local applications and data on this system b) having an alternate OS that still allows me to get online if I need to and c) this system not be my primary system - I have the time and the inclination to fix it without reloading.

Now, while blowing away the OS and reinstalling might be best solution in almost all circumstances - and to some degree I do acknowledge the rightness of that option, I am looking for a different resolution. Call it pride, hubris if you will, but I am determined to fix this dad-blasted machine .

The only reason (besides my aforementioned pride getting in the way) I am being so dogged in this is that in the 15 or so years I have provided desktop PC support, I have developed a very good sense of when an OS install is beyond redemption. In this particular instance my gut is strongly telling me that this is something that can be resolved with a little bit more persistence - that it is just some lack in my understanding of how DNS is set up in windows (what files and services are involved, what registry entries are created, any registered dlls, etc) that is preventing me from resolving the issue.

If someone who likes a challenge is willing to work with me in trying to fix this issue without a format/reload, I will gladly accept any help.

 

Well thanks for all the help! However, the issue got taken out of my hands this morning - the system stopped booting completely and the HDD started making that hollow thunking/clicking sound we all know and dread when a drive is toast. I tried a few things (writing 0s, fixboot/fixmbr, etc), but no joy in Mudville, so I spent the rest of the day loading a replacement hdd.

Oh well - again thanks