My zeroth law of compromised machines
If you can't find anything wrong, you haven't looked carefully enough.
The immediate corollary is also important:
If you can't find anything, the intruders are still there.
The leading cause for not finding anything wrong on a machine you know is compromised is that you haven't detected the rootkit that is hiding things from you.