First, you should verify that the email from your ISP is valid (i.e. came from your ISP). I'm not sure why anyone would warn you of a possible infection with malicious intent, but paranoia is not always the worst thing in the world when it comes to security. Call your ISP. Ask them how they caught this.
Unless you explicitly know what you are looking for (socket calls, heartbeats, etc.), it is going to be hard to verify. It's always better to be safe than sorry. Again, call your ISP and see how they fingerprinted this, and from there you may be able to narrow down the point of infection.
If it is in fact Zbot, then it can be VERY difficult to detect and remove with standard AV tools or even by running a script called tron script. You can try your best with the tools at your disposal, and even run the tron script to see if it picks anything up. But this is one of the prime delivery methods for ransomware, botnets, etc. And as such, it is very well hidden and written.
Here's where the story gets sad: you probably need to nuke it from orbit. I know, this option sucks... a lot... But most, if not all, of us run into this from time to time, especially in the research realm.