Re: Paranoid or Under Attack ?
Unfortunately we do see a lot of paranoia from new users; they barely know anything about Linux, but they think they've found something "unusual" or "suspicious".
Everything described sounds totally normal to me. The only thing you described I didn't know about was the "gfxpayload" thing. A bit of quick research has shown it's a normal part of GRUB. It's even present on my Linux Mint system. Nothing to worry about. And to get in the mind of a virus writer or attacker, there's no way would they use a word like "payload" in a malicious file.
You just have to accept that you don't know much about Linux, and what's normal. A bit of quick Googling will tell you if you've found anything out of the ordinary. Linux is very, very, INCREDIBLY different to Windows; you can be the world's foremost expert on Windows and still be a complete newb on Linux, that's how different things are.
And remember, if an attacker can put files into your system, then they can also convince the system to ignore those files and not show that any changes have been made.
Just relax a bit. Everything you described is normal, and the chances of you getting any sort of malware infection on a normal desktop system are considerably less than you being involved in a car accident. As for being infected on a default install, it's more likely that you'll be killed by a shark.
I try to treat the cause, not the symptom. I avoid the terminal in instructions, unless it's easier or necessary. My instructions will work within the Ubuntu system, instead of breaking or subverting it. Those are the three guarantees to the helpee.