Unable to open *.symantec.com, windowsupdate.microsoft.com, *.trendmicro.com

Today I was repairing a PC that was giving a lot of "page not found" errors, wouldn't update Symantec virus definitions, and wouldn't perform Windows Updates.  When I tried browsing to housecall.trendmicro.com, that page wouldn't load either.  When I pinged these sites, the names resolved to 127.0.0.1.  I checked the hosts file, but nothing was out of the ordinary, so the lookups were being redirected to loopback somewhere other than the hosts file.  It turned out the computer I was working on was infected with the tdssserv rootkit.  Below are the steps I took to remove it from the workstation.
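The symptom described above (vendor hostnames resolving to 127.0.0.1 while the hosts file looks clean) can be checked in one pass before running the removal tools. The PowerShell script below is an added example and is not part of the original post. It resolves each affected name, looks the name up in the hosts file, and reports whether a loopback answer is explained by a hosts entry or is coming from somewhere lower in the stack, then queries driver services for the tdssserv name mentioned in this post. The three hostnames are assumed examples of the wildcard domains in the title, and the `tdss*` wildcard for variants is an assumption.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on the
# affected machine. The hostnames are assumed examples of the domains in the post's
# title; 'tdssserv' is the service name from the post, 'tdss*' is an assumed pattern.
$domains = @('liveupdate.symantec.com',
             'windowsupdate.microsoft.com',
             'housecall.trendmicro.com')

# 1. Parse the hosts file: drop comments, first token is the address, the rest are names.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsMap  = @{}
foreach ($line in (Get-Content $hostsPath -ErrorAction SilentlyContinue)) {
    $entry = ($line -split '#')[0].Trim()
    if ($entry -eq '') { continue }
    $parts = $entry -split '\s+'
    if ($parts.Count -lt 2) { continue }
    foreach ($name in ($parts | Select-Object -Skip 1)) {
        $hostsMap[$name.ToLower()] = $parts[0]
    }
}

# 2. Resolve each name through the normal resolver and classify a loopback answer.
$results = foreach ($d in $domains) {
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($d) | ForEach-Object { $_.ToString() }
    } catch {
        $addrs = @("lookup failed: $($_.Exception.Message)")
    }
    $loopback = @($addrs | Where-Object { $_ -like '127.*' -or $_ -eq '::1' })
    $verdict = if ($loopback.Count -eq 0) {
        'resolves normally'
    } elseif ($hostsMap.ContainsKey($d.ToLower())) {
        "loopback via hosts file entry ($($hostsMap[$d.ToLower()]))"
    } else {
        'loopback with NO hosts entry: lookups are intercepted below the hosts file'
    }
    New-Object PSObject -Property @{ Host = $d; Answer = ($addrs -join ', '); Verdict = $verdict }
}
$results | Format-Table -AutoSize Host, Answer, Verdict

# 3. Look for the driver service named in the post. Kernel drivers are not listed by
#    Get-Service, so query Win32_SystemDriver instead. A rootkit can hide its own driver
#    from this enumeration, so an empty result here does not clear the machine.
Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.Name -like 'tdss*' -or $_.PathName -like '*tdss*' } |
    Select-Object Name, State, StartMode, PathName
```

The name-resolution check is the more trustworthy of the two: it observes what the infected resolver actually answers rather than asking the system to list a component a rootkit is designed to hide. A row reading "loopback with NO hosts entry" for an antivirus or Windows Update hostname is the condition the post describes, and is the cue to proceed with the offline tools below.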

Run the following tools. They must be fresh downloads; ComboFix in particular has to be the latest version.
1. Download SDFix and save it to your desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key repeatedly;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* Open the extracted folder and double click “RunThis.bat” to start the script.
* Type “Y” to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display “Finished”, then press any key to end the script and load your desktop icons.
* Finally, open the SDFix folder (C:\SDFix, from step 1) and keep a copy of the results file "Report.txt"; it lists what the tool removed.

2. download ComboFix to your Desktop, from either of these locations:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

You must download it to, and run it from, your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe and follow the prompts.
When finished, it will produce a log. Keep that log (and a fresh HijackThis log, if you use one) for reference.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix’s window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

The link below shows how to use ComboFix, as well as how to install the Windows Recovery Console if it isn't installed yet.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


One Response to “Unable to open *.symantec.com, windowsupdate.microsoft.com, *.trendmicro.com”

  1. Jason Allday says:

    I am trying to run SDFix as you have suggested and I get the message: grep: isq: No such file or directory.

