I've been getting emails from my ISP (AT&T) recently about suspected botnet IRC activity on July 27th and 29th (another email came today but it was blank). It happened around midnight UTC on both days.
I have AVG installed and ran a scan with MalwareBytes, and nothing was found.
Using netstat I discovered some unusual open ports: 10110 and 27015. Searching for port 10110 on Google produced this graph from SANS:http://isc.sans.edu/portgraph.html?_jpg_cs...p;submit=Update
There was a huge spike in sources of that port on the 29th.
Google suggested port 27015 as a related search term. This is the Half Life 2 server port, but I don't have HL2 (I have the Valve games Portal and Alien Swarm, but I don't run a server for either.)
It might be related to Steam, but I'm not sure (even with the spike there were only 200 sources for port 10110).
I couldn't find any bad processes or startup entries.
I have been using IRC a lot recently, so maybe it was just a false positive?