(1) Sunday I noticed that the ZA-AV log showed an access error (8004025D) for any file that it attempted to scan.
(2) Monday, based on recommendations here, I did the boot to safe mode -> delete, delete, delete -> reboot -> run MBAM AV and SuperAntiSpyware (both okay, no malware) -> clean registry & system with CClean -> reboot -> do a clean reinstall of ZA-IIS. *Apparently* that whole process went okay, as it completed without errors and ZA seemed to be behaving correctly.
(3) Foolish optimist that I am, I d/l'ed the eicar.com test file again "just to see..." Uh-oh. Running ZA-AV on the directory containing eicar or on the file directly, the log shows "scan complete" with nothing detected, the AV log file also just shows scan complete, no detections, treatments, or quarantines. The contents of eicar.com check correct with the web site, so that's not the problem.
And ... while pondering the meaning of all this, a scheduled AV scan commenced at 1230. I had set the scan options to "Ultra-Deep Scan" while trying to get it to see eicar.com, so I figured the machine would be busy for a few hours of deep, deep scanning.
Uh-oh again. The "ultra deep" scan completed (by the AV log) in 7 minutes after "scanning" 355,651 files; the Scanning Status dialog box was (is) still in place, however, stuck on Win32.Trojan.Zlob.2.Gen.179.
My spider senses are tingling...
ZoneAlarm Security Suite version:8.0.298.000
Anti-virus engine version:220.127.116.118
Anti-virus signature DAT file version:981377051
Anti-spyware engine version:18.104.22.168
Anti-spyware signature DAT file version:01.200903.5635
Operating System:Windows XP Pro
Product Name:ZoneAlarm Internet Security Suite