Just created an account so I could reply to this thread. I had a client become infected with the same malicious service "System Update kb70007". Thank God I saw this thread, as I had spent about 3 hours trying to clean up this infection and was about 5 minutes away from throwing in the towel and recommending a rebuild. So, thank you! My situation sounds pretty similar: user complained that emails were getting stuck in the Outbox. Upon investigating, noticed that Internet Proxy Settings were enabled to port 8118. He doesn't use privoxy so I began hunting for malware. MBAM cleaned about 100 items off, but after each reboot, the proxy settings returned. Ran about every other tool I could think of, and the proxy settings would still return. Tried using gpedit to disable changes to proxy settings, no dice.
My particular 'aha' moment was when, as a last-ditch effort, I ran Autoruns to try and see if anything subtle was inserting itself into the startup items. Didn't see anything so I continued going through all the tabs in Autoruns and came to the Services list and lo and behold, the System Update kb70007 service. Was not able to delete the folder but after running RKill, I was. Deleted the folder and then rebooted. NO PROXY anymore!!! I'll reboot a couple more times to make sure, but hopefully this is fixed.
I also noticed something else very strange: in his C drive he has a folder named Syst68301037 and it appears to contain a bunch of backups of certain system folders/files. Did you notice the same folder in C:? I'm assuming yours would have a different 8 digits.
Who knows, I still may recommend a rebuild, considering we won't know how deep this infection goes. But if his proxy is staying disabled from now on, that's probably a good start. He'll ask what I did to fix it, and then he'll ask why it took me 3 hours to do so. And then I'll remind him that it's not about the destination, it's about the journey (or if I want to be blunt I'll tell him that hindsight is always 20/20 and stop clicking on bad sites).
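
A read-only PowerShell check for the three indicators described in this post: a proxy pointing at port 8118, a service named "System Update kb70007", and a `Syst` + 8 digits folder at the root of the system drive. This is an added example, not part of the original post; the registry path is the standard per-user Internet Settings key, and the looser service and folder patterns are assumptions that follow the poster's guess that the digits vary between machines.

```powershell
# Added triage example: reports indicators only, changes nothing.
# Run in the affected user's session (proxy settings are per-user, HKCU).
$findings = @()

# 1. WinINET proxy settings: enabled and pointing at port 8118?
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1 -and $inet.ProxyServer -match ':8118\b') {
    $findings += "Proxy enabled on port 8118: $($inet.ProxyServer)"
}

# 2. Services matching the name from the thread.
#    Assumption: other machines may show a different number after "kb".
$svcPattern = '^System Update kb\d+$'
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -match $svcPattern -or $_.DisplayName -match $svcPattern }
foreach ($svc in $services) {
    # PathName is the folder to inspect once the process is stopped.
    $findings += "Service '$($svc.DisplayName)' [$($svc.State)] -> $($svc.PathName)"
}

# 3. Root-level folders named "Syst" followed by 8 digits (e.g. Syst68301037).
#    Assumption: the 8-digit suffix differs per machine, as the poster guesses.
$root = "$env:SystemDrive\"
$folders = Get-ChildItem -Path $root -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^Syst\d{8}$' }
foreach ($dir in $folders) {
    $findings += "Folder $($dir.FullName) (created $($dir.CreationTime))"
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the three indicators found for this user/machine.'
} else {
    Write-Output 'Indicators found:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

Running it again after each reboot shows whether the proxy setting or the service has come back.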