Notes:
A review of the $ROOT/home/drosen directory shows a fairly typical structure and no obviously improper files. The .bash_history file reveals traces of a rootkit install in a " " directory.
A directory with a non printable 'space' for the name is very questionable. The find command was used to locate this bogus directory.
History files are often symlinked to /dev/null to hide activity