My internet connection has been pretty sporadic, and other devices in my home are fine. I decided to do some checking. I work for my ISP, so tools to help diagnose are plenty. I pulled up a Sandvine report and noticed 30-70k DNS connections consistently. I don't run a DNS server, so this is odd. Checked in my router, and my device has the most open connections...and is opening more.
Checked Microsoft Network Monitor and saw that it is indeed my computer opening those connections, to a randomized subdomain of x99moyu.net on randomized ports. A LOT of them. I ran Bitdefender Free, AdwCleaner, then Malwarebytes, then HitmanPro. HitmanPro found some minor PUP stuff; none of the other scans found anything. In fact, AdwCleaner didn't even find my temp files from browsing. Weird.
Anyway, I'm at the edge of my knowledge. I know it's my device, it appears to be a botnet or water torture attack, and I dunno where to go from here. I have a number of tools available, my router is running DD-WRT, and I've been working in IT (including PC repair) for 4 years.
DDS.txt
==================================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420 BrowserJavaVersion: 11.65.2
Run by Root at 1:08:33 on 2016-01-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2495 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Root\AppData\Local\Akamai\netsession_win.exe"
uRun: [AdobeBridge] <no file>
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TP-LIN~1.LNK - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: Interfaces\{A0CCDB60-0B3F-4F6F-9B29-A343648B135D} : NameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Root\AppData\Roaming\Mozilla\Firefox\Profiles\1z6eob4u.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Root\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll
FF - plugin: C:\Users\Root\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Root\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2015-12-20 56208]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392]
R1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;C:\Windows\System32\drivers\VBoxNetLwf.sys [2015-12-18 194976]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-6-11 1152656]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-6-11 1893008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-6-11 23007376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-6-11 410768]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-8-5 5702416]
R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2015-6-11 1930240]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-1-19 25816]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-6-11 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-6-11 46768]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-6-19 104120]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-6-19 124088]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2016-1-19 127752]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-1-19 1135416]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 GalaxyClientService;GalaxyClientService;C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [2015-6-20 1616440]
S3 GalaxyCommunication;GalaxyCommunication;C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [2015-6-20 7184440]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-14 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-1-19 63704]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2015-7-31 2099720]
S3 OverwolfUpdater;Overwolf Updater Windows SCM;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-12-15 1008880]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-14 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-11-14 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-11-14 29696]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2016-01-19 08:46:37 -------- d-----w- C:\Program Files\HitmanPro
2016-01-19 08:45:07 -------- d-----w- C:\ProgramData\HitmanPro
2016-01-19 08:44:56 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-01-19 08:44:44 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-01-19 08:44:44 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-01-19 08:44:44 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-01-19 08:44:43 -------- d-----w- C:\ProgramData\Malwarebytes
2016-01-19 08:44:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-19 08:39:15 97612 ----a-w- C:\ProgramData\1453192739.bdinstall.bin
2016-01-19 08:38:58 37823 ----a-w- C:\ProgramData\1453192736.bdinstall.bin
2016-01-19 08:38:00 -------- d-----w- C:\AdwCleaner
2016-01-19 07:34:25 274622 ----a-w- C:\ProgramData\1453187809.bdinstall.bin
2016-01-19 07:33:17 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2016-01-19 07:33:16 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2016-01-19 07:16:49 -------- d-----w- C:\Users\Root\AppData\Roaming\QuickScan
2016-01-19 07:15:58 -------- d-----w- C:\Program Files\Microsoft Network Monitor 3
2016-01-19 04:29:31 -------- d-----w- C:\Users\Root\AppData\Local\SecondLife
2016-01-19 04:29:06 -------- d-----w- C:\Program Files (x86)\SecondLifeViewer
2016-01-15 20:42:10 -------- d-----w- C:\Users\Root\VirtualBox VMs
2016-01-15 20:41:58 -------- d-----w- C:\Users\Root\.VirtualBox
2016-01-15 20:40:53 965440 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2016-01-15 20:40:27 138904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2016-01-15 20:40:24 -------- d-----w- C:\Program Files\Oracle
2016-01-11 03:54:46 -------- d-----w- C:\Users\Root\AppData\Roaming\java
2016-01-11 03:54:44 -------- d-----w- C:\Users\Root\AppData\Roaming\.minecraft
2016-01-11 03:53:01 -------- d-----w- C:\Program Files (x86)\Minecraft
2015-12-28 00:19:46 -------- d-----w- C:\Morrowind
2015-12-27 23:55:57 -------- d-----w- C:\mor
2015-12-24 06:32:39 -------- d-----w- C:\Users\Root\AppData\Roaming\.mono
2015-12-24 06:32:39 -------- d-----w- C:\ProgramData\.mono
2015-12-24 06:32:38 -------- d-----w- C:\Users\Root\AppData\Local\Colossal Order
2015-12-24 04:04:29 -------- d-----r- C:\Program Files (x86)\Skype
2015-12-20 14:59:06 -------- d-----w- C:\Users\Root\AppData\Roaming\PACE Anti-Piracy
2015-12-20 14:59:06 -------- d-----w- C:\Users\Root\AppData\Local\PACE Anti-Piracy
2015-12-20 14:59:06 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2015-12-20 14:57:32 -------- d-----w- C:\Users\Root\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-12-20 14:56:28 -------- d-----w- C:\Users\Root\AppData\Local\Flash Builder
2015-12-20 14:50:46 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2015-12-20 14:45:27 -------- d-----w- C:\ProgramData\ALM
2015-12-20 14:43:28 -------- d-----w- C:\Users\Root\Adobe Flash Builder 4.6
2015-12-20 14:39:40 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2015-12-20 14:39:40 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2015-12-20 14:39:40 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2015-12-20 14:39:39 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2015-12-20 14:39:39 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2015-12-20 14:39:36 -------- d-----w- C:\Program Files (x86)\My Company Name
2015-12-20 14:35:15 -------- d-----w- C:\Users\Root\AppData\Local\Adobe
.
==================== Find3M ====================
.
2015-12-30 03:42:19 796864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-12-30 03:42:19 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-19 01:08:18 194976 ----a-w- C:\Windows\System32\drivers\VBoxNetLwf.sys
2015-12-19 01:08:18 117768 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp6.sys
2015-10-23 01:59:03 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-22 17:00:51 16258616 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 1:08:48.14 ===============
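The symptom described in the post (one host emitting tens of thousands of queries for randomized subdomains of a single domain) is the client-side signature of a DNS random-subdomain flood, and it can be picked out of a resolver or firewall DNS log without knowing the malware involved. The following is an added detection example, not code from the original post or from any of the tools named in it. It assumes a hypothetical log format of `date time client-ip qtype qname rcode`; the sample lines are constructed, the host 192.168.0.23 is a stand-in for the poster's machine, and `registered_domain()` uses a last-two-labels heuristic that a real deployment would replace with a Public Suffix List lookup.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample of a resolver DNS query log (not from the original post).
# Assumed line format: "<date> <time> <client-ip> <qtype> <qname> <rcode>".
# The hypothetical host 192.168.0.23 stands in for the poster's machine; the
# random labels under x99moyu.net mirror the pattern described in the post.
SAMPLE_LOG = """\
2016-01-19 01:08:33 192.168.0.23 A q7f3kz9mx2wb.x99moyu.net NXDOMAIN
2016-01-19 01:08:33 192.168.0.23 A a8d1ptv5yrn0.x99moyu.net NXDOMAIN
2016-01-19 01:08:33 192.168.0.45 A www.google.com NOERROR
2016-01-19 01:08:34 192.168.0.23 A h2j6cug4es3l.x99moyu.net NXDOMAIN
2016-01-19 01:08:34 192.168.0.23 A m9b5xqz1kw7f.x99moyu.net SERVFAIL
2016-01-19 01:08:34 192.168.0.23 A www.google.com NOERROR
2016-01-19 01:08:35 192.168.0.23 A t4r0n8eyd2pv.x99moyu.net NXDOMAIN
2016-01-19 01:08:35 192.168.0.45 A static.example.com NOERROR
2016-01-19 01:08:35 192.168.0.23 A z3l7s1hu9gc6.x99moyu.net NXDOMAIN
2016-01-19 01:08:36 192.168.0.23 A mail.google.com NOERROR
2016-01-19 01:08:36 192.168.0.23 A k1w6m2xb8q5f.x99moyu.net NXDOMAIN
2016-01-19 01:08:36 192.168.0.45 A cdn.example.com NOERROR
2016-01-19 01:08:37 192.168.0.23 A e5y9t0rd3n4p.x99moyu.net NXDOMAIN
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+)$")


def shannon_entropy(text):
    """Bits of entropy per character; random labels score high, words low."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def registered_domain(qname):
    """Last two labels of the name (heuristic). A real deployment would consult
    the Public Suffix List so that e.g. 'co.uk' is not treated as a domain."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname.lower()


def analyze(log_text, min_unique=5, min_entropy=3.0):
    """Group queries by (client, registered domain) and flag groups that emit
    many distinct, high-entropy leftmost labels. Returns findings sorted by
    distinct-name count, highest first."""
    stats = defaultdict(lambda: {"names": set(), "queries": 0,
                                 "nxdomain": 0, "entropy_sum": 0.0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the run
        _date, _time, client, _qtype, qname, rcode = m.groups()
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) <= 2:
            continue  # bare apex query: no subdomain label to assess
        s = stats[(client, registered_domain(qname))]
        s["queries"] += 1
        s["names"].add(".".join(labels))
        s["entropy_sum"] += shannon_entropy(labels[0])
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1

    findings = []
    for (client, domain), s in stats.items():
        unique = len(s["names"])
        avg_entropy = s["entropy_sum"] / s["queries"]
        if unique >= min_unique and avg_entropy >= min_entropy:
            findings.append({
                "client": client,
                "domain": domain,
                "queries": s["queries"],
                "unique_names": unique,
                "avg_label_entropy": avg_entropy,
                "nxdomain_ratio": s["nxdomain"] / s["queries"],
            })
    return sorted(findings, key=lambda f: f["unique_names"], reverse=True)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print("{client} -> {domain}: {unique_names} distinct names, "
              "avg label entropy {avg_label_entropy:.2f}, "
              "NXDOMAIN ratio {nxdomain_ratio:.2f}".format(**f))
```

On the constructed sample only the 192.168.0.23 / x99moyu.net pair is reported; the Google and example.com lookups stay below both thresholds. The two thresholds need tuning per network: some CDNs and telemetry services legitimately use many high-entropy hostnames, so a high NXDOMAIN ratio is the better discriminator for a flood against a domain that does not answer. A finding like this identifies the client, which is the point to pivot to the process owning the sockets on that host (as the poster did with Network Monitor), rather than to the domain itself.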