Trouble erasing disk in order to do a clean install (I really need help!)
 

I have a monster in my machine that I can't get out.

I've already embarrassed myself on another forum. Everyone there thinks I'm paranoid and crazy. I can't clean install. They think I have a hard disk issue. I think my system keeps reinstalling its old self. And I think my updates come from within. I know that I wasn't giving the other group the right info, because everything seems suspicious. But then maybe they weren't asking me the right questions. So hopefully I can get some answers here and work this out without taking it into the shop. Single mom w kids, trying to survive. I don't need a costly repair bill.

I'll start with my /etc/rc. I was searching on how to remove my swapfiles, and found this site. My /etc/rc is really different. Can someone tell me what this means?
Thanks in advance!

I'm sorry but I am really confused as to what the problem is in the first place, and why you would want to remove any swapfiles which are important for the system to function?

Could you give a little more clarification on this? Also I am confused why you are posting the rc file. Is this the rc file from a clean install? Is there a section of it you find strange?

from the rc file manual:
I ran a diff between the rc file you posted and the file on my macbook
they are virtually identical, lines referring to swap were identical. I would say your rc file is completely normal for a mac.

Obviously you're concerned with something, but you haven't explained your overall concern. Start with the big picture, there are some very experienced users here, and they can help, but they need to know what your concern is.

I'm also a bit unclear as to what you are asking.

If you have modified something in the system files (e.g. /etc/rc) and something isn't working, then you should put restore the file(s) to what they were originally.
If you didn't keep a backup copy, then you should do an "archive & install" from your Install CD/DVD.

Subject title says it all. ;)

Ok, I'm sorry for presenting a normal file, and not explaining my problem. I just can't get a clean installation. I just did another clean install, and I still have the cache from everything I did or installed from before the clean install. I was told to remove the swap files before doing the clean install. I couldn't remove them, so I did a search, and your site showed how to remove them from the /etc/rc file. But my /etc/rc wasn't the same as the one referenced.

So forget the /etc/rc..... When I try to do a clean install, I'm unable to zero the hard drive. I can't re-partition. I have a volume that immediately pops up with 2 folders on it. I think these are the 2 automounts that are in an automount folder on my hd. One is server, the other is static. Server contains my entire harddrive. My network automatically appears even if I'm not connected to anything. My software update is installed before I do the software update. Like right now, I haven't updated, but it's showing the updated folders already there. I have the wrong version of Apache. I have Java 1.3.1 for Power PC. I have references to QuickTime Pro, but I don't own QuickTime Pro. I get spoofed websites, and outdated certificates. Certificates from the 1990's. This computer is an Intel Mac Mini running OS X 10.4. Why, after a clean install do I have certificates from 1998? Also, on each clean install, and I've done a few, I get the same error messages--
Assert failed: /Users/dave/dev/flash/player/FlashPlayer/platform/mac/plugins/../../generic/genericjpeg.cpp:85
and SyndicationAgent[396] WARNING: BestCalendarDateFromString - can't interpret: 'Wed 23 Jan 2008 00:40:06 -800'.

I'm the only user, and I don't know who the hell dave is, but I want him to go away! I can't delete trash, or cache, or change settings.

I appreciate your help.

You have been talking about "clean installs" but it doesn't seem as if you realize that doing a clean install means that you start by erasing the disk.

You need to give us much more detail about what happens when you try to erase the disk.
I assume that you are booting (restarting) from the Tiger Install DVD - is that right? (You need to do this as the first step)

After you erase the disk (the whole disk - make it one big partition), nothing will be left of your existing files or system. There should be no need to "zero the drive" - just a normal erase will be good.

Yes, I restart with the Tiger Install DVD, but the disk doesn't erase. It never becomes one big partition. I zero the drive trying to remove whatever is there preventing me from making it into one big partition. I've even tried splitting it into several partitions, and the 2 folders appear on each partition.

I understand that clean install means erasing the disk. I'm not a total moron.

And yes, Subject title says it all. ;)

Are you sure that you are selecting the drive (and not one of the partitions) in the list on the left side of Disk Utility?
And as I said above, there is no need to zero the drive. Erasing will be sufficient.

No implications intended. Lots of people use the wrong terminology.
And you were talking about files being left over from a previous install after you said that you had done a "clean install". That just isn't possible if you had erased the disk first.

I'm going to change the title to make it a bit more descriptive of the actual problem.

It's not possible if I'd erased the disk first. True!! And that's my whole point. What is preventing me from erasing the disk? I'm selecting the drive, not the partition. I'm selecting FUJITSU MHV2080BHPL Media. The only things that show are--

Name : FUJITSU MHV2080BHPL Media
Type : Disk

Disk Identifier : disk0
Media Name : FUJITSU MHV2080BHPL Media
Media Type : Generic
Connection Bus : SATA
Connection Type : Internal
Partition Type : GUID_partition_scheme
Device Tree : /PCI0@0/SATA@1F,2/@0:0
Writable : Yes
Ejectable : No
Mac OS 9 Drivers Installed : No
Location : Internal
Total Capacity : 74.5 GB (80,026,361,856 Bytes)
S.M.A.R.T. Status : Verified
Disk Number : 0
Partition Number : 0
and

Name : mac
Type : Volume

Disk Identifier : disk0s2
Mount Point : /
File System : Mac OS Extended (Journaled)
Connection Bus : SATA
Partition Type : Apple_HFS
Device Tree : /PCI0@0/SATA@1F,2/@0:2
Writable : Yes
Universal Unique Identifier : 19C359E8-7A7C-3BFD-A5DB-DE784B6F52D4
Capacity : 74.2 GB (79,682,387,968 Bytes)
Free Space : 68.8 GB (73,925,353,472 Bytes)
Used : 5.4 GB (5,757,034,496 Bytes)
Number of Files : 75,368
Number of Folders : 18,665
Owners Enabled : Yes
Can Turn Owners Off : Yes
Can Repair Permissions : Yes
Can Be Verified : Yes
Can Be Repaired : Yes
Can Be Formatted : Yes
Bootable : Yes
Supports Journaling : Yes
Journaled : Yes
S.M.A.R.T. Status : Verified
Disk Number : 0
Partition Number : 2
If disk0 is partition 0 and mac is partition 2, where is partition 1?

And a question about /private/var/db/dyld/update-prebindings-path.txt--
There are files in here that I don't think I want or need. And I didn't start having problems until I started seeing some of these files. How do I know which ones I need?

Again, thank you.

I assume that you are showing us what you get when you press on the "Info" button.
The fact that you are seeing two of these info reports means that you have selected both the disk and one of the partitions.
(It is possible to select more than one line in the left-hand column of Disk Utility - but you don't want to.)

Files under /private/var/db are way too low level for you to be looking at. You should concentrate on one problem. These files have nothing to do with your trouble erasing the disk.

should I point out that this drive looks pretty erased? there's only 5 GB of data on it (which might be enough for a bare system...). and let me just confirm - when you say did you mean that you restarted from the Tiger install disk, so that it was the startup disk (i.e., holding the C key down during startup?). you should get an installer screen, and not be able to view the contents of any drives.

Yes, I held down the C key during startup. The only reason I could see the contents of any drives is because after choosing to erase the contents of the drive during a new install, I still had my old cache. So during the next install holding the C key down during startup, I stopped and chose disk utility......this is where I could see the volume reappear.

interesting... ok, so let's go through it step by step, see if we can figure out where things are going wrong.

1. restart the computer, holding down the C key
2. when you get to the installer window that ask what you're primary language is (you shouldn't have to do anything, it should just appear), you choose English (I assume)
3. I'm forgetting the order here (and I don't have my Tiger DVD handy) but I think you have to go through a couple of license and ReadMe windows - eventually you get to a screen that that has an 'options' button and an 'install' button, right?
4. click the options button and choose 'erase and install', then click continue
5. click the install button, and wait...

now, where in this process does it start to be different, or go wrong? or do you get all the way through this without problems?

A bit off-topic, but you should not ever need to mess around with low-level system swap files, or any other system files for that matter.

How are you determining that you have 'old cache'? Erasing and installing will remove all files, including swap, cache, temp files, and everything else on your hard disk. Again, you do not need to mess around with any of these files on your system at all.

Anything in /System, /Library, /var, /etc, /private, and possibly some other folders are there for a reason. They are system files vital to running the operating system.

Also, the Volumes and Network 'folders' that automatically appear are also used by the system. The Volumes folder lists all of your currently mounted drives, such as a CD, flash, or hard drive. The Network folder lists local network shares from PCs or Macs that have file sharing enabled. Both automatically will appear, even if you have no other drives mounted, and even if you are not connectd to any networks.

Right--
I choose erase and install, and I select the customize button because I don't want to install everything that is available. I choose essentials, because that is the only thing that I must install. I'm trying to keep it down to what is necessary to run the system and hopefully find my problem. I opt out of any printer drivers, but I always have all kinds of epson printer drivers installed, but I don't have, nor have I ever had an epson printer. I always opt to save the log, but I get a very different log saved, than the one that I see as it's installing. The saved log is very minimal, although I ask for the errors and everything. However, this time I got more information than I've ever gotten. I'll post a little of it....things I'm curious about.

Jan 23 02:02:47 localhost : Launching the Language Chooser for an OS Install
Jan 23 02:02:54 localhost : Language Chooser ready
Jan 23 02:03:14 localhost : Launching the Installer using language code "English"
Jan 23 02:03:22 localhost : @(#)PROGRAM:Install PROJECT:Install-138 DEVELOPER:root BUILT:Feb 6 2006 20:45:06\n
Jan 23 02:03:22 localhost : @(#)PROGRAM:Installer PROJECT:Installer-94 DEVELOPER:root BUILT:Jan 13 2006 18:32:16\n
Jan 23 02:03:22 localhost : Hardware: Macmini1,1 @ 1660 MHz (x2), 512 MB
Jan 23 02:03:22 localhost : Running OS Build: 8H1619
Jan 23 02:03:26 localhost : Mac OS X Installation Log
Jan 23 02:03:26 localhost : Opened from: /System/Installation/Packages/OSInstall.mpkg
Jan 23 02:03:33 localhost : Entering Introduction section
Jan 23 02:03:33 localhost : Physical Memory Allocation: 127 MB wired, 35 MB active, 66 MB inactive, 228 MB used, 264 MB free, 512 MB total
Jan 23 02:03:37 localhost : It took 16.972436 seconds to finish launching.
Jan 23 02:03:41 localhost : Distribution: Mac OS X
Jan 23 02:03:44 localhost : JS: checkSupportedBootRom threw exception TypeError - Undefined value
Jan 23 02:03:44 localhost : JS: checkSupportedBootRom threw exception TypeError - Undefined value
Jan 23 02:03:44 localhost : JS: checkSupportedBootRom threw exception TypeError - Undefined value
Jan 23 02:03:44 localhost : JS: checkSupportedBootRom threw exception TypeError - Undefined value
Jan 23 02:03:44 localhost : JS: checkSupportedBootRom threw exception TypeError - Undefined value
Jan 23 02:03:44 localhost : JS: checkSupportedBootRom threw exception TypeError - Undefined value
Jan 23 02:03:44 localhost : JS: checkSupportedBootRom threw exception TypeError - Undefined value
Jan 23 02:03:44 localhost : JS: checkSupportedBootRom threw exception TypeError - Undefined value
Jan 23 02:03:44 localhost : JS: checkSupportedBootRom threw exception TypeError - Undefined value
Jan 23 02:03:44 localhost : JS: checkSupportedBootRom threw exception TypeError - Undefined value
Jan 23 02:03:44 localhost : Installation checks completed successfully.


First question is--
Does it appear that there are 2 installers at work?
@(#)PROGRAM:Install PROJECT:Install-138
@(#)PROGRAM:Installer PROJECT:Installer-94

Second--
What is this?
Opened from: /System/Installation/Packages/OSInstall.mpkg

Third--
localhost : JS: checkSupportedBootRom threw exception TypeError - Undefined value

And last--
It appears localhost is calling the shots. Localhost should be gone if my disk was erased right?

Thanks for hearing me out, even if I don't know what I'm talking about.;)

You really don't need to analyze every single message the installer displays. Most of it is debugging information Apple developers use to troubleshoot problems. However, I can possibly explain what the messages mean.

Ok:
I'm pretty sure the first message means that it's loading the installer.

The second message simply means that the installer is loading the system files to install from "/System/Installation/Packages/OSInstall.mpkg".

The last message is where the Mac is checking the system for basic errors. Most messages here don't really matter at all. Only serious problems will prevent the OS from installing.

When you boot from the installer disc, you are running a mini-version of OS X. So even though your disk is erased, you are still using OS X, just from the CD instead of the disk.
'localhost' is the same thing as 127.0.0.1, which in basically means "this computer".

So...

basically means:

Ok, that makes sense, and thanks for the explanation.

As I said earlier, I've gotten a better log this time than I have previously. I just saw something interesting. I've said that I select to erase the drive before the install, but the log shows where I selected to erase the disk, but it only erased the volume. This is what I would see as it installed, but could never get the log to show it.

Notice the "Original Disk Layout"--
Jan 23 02:08:39 localhost : Erasing volume for OS Install
Jan 23 02:08:39 localhost : Original Disk Layout
Jan 23 02:08:39 localhost : partition map from /dev/disk0:
Jan 23 02:08:39 localhost : #: type name size identifier mountpoint
Jan 23 02:08:39 localhost : 0: GUID_partition_scheme *74.5GB disk0
Jan 23 02:08:39 localhost : 1: EFI 200MB disk0s1
Jan 23 02:08:39 localhost : 2: Apple_HFS Untitled 74.2GB disk0s2 /Volumes/Untitled

Now notice "Preparing disk for erase", then ", "Erasing volume".
Jan 23 02:08:39 localhost : Preparing disk for erase
Jan 23 02:08:41 localhost : Erasing volume.
Jan 23 02:08:41 localhost : Erasing
Jan 23 02:08:42 localhost : Initialized /dev/rdisk0s2 as a 74 GB HFS Plus volume with a 8192k journal\n
Jan 23 02:08:43 localhost : Mounting Disk
Jan 23 02:08:43 localhost : Done erasing volume.

Now "Final Disk Layout" is identical to "Original Disk Layout"
Jan 23 02:08:45 localhost : Final Disk Layout
Jan 23 02:08:45 localhost : partition map from /dev/disk0:
Jan 23 02:08:45 localhost : #: type name size identifier mountpoint
Jan 23 02:08:45 localhost : 0: GUID_partition_scheme *74.5GB disk0
Jan 23 02:08:45 localhost : 1: EFI 200MB disk0s1
Jan 23 02:08:45 localhost : 2: Apple_HFS Untitled 74.2GB disk0s2 /Volumes/Untitled
Jan 23 02:08:45 localhost : Waiting for volume...
Jan 23 02:08:45 localhost : Configuring volume "Untitled"
Jan 23 02:08:45 localhost : Preparing Disk for OS Install
Jan 23 02:08:45 localhost : Volume disk0s2 mounted at /Volumes/Untitled is ready
Jan 23 02:08:45 localhost : Activating Virtual Memory backing store
Jan 23 02:08:45 localhost : Create temporary directory "/Volumes/Untitled/OSInstall.mpkg.94DlIiC3"

And the main reason I posted in this forum is to get help booting into single user mode and formatting the drive that way. I've tried it several times, and I have limited knowledge of Unix, but following the directions from a book to the letter, I still get the message that diskutil can't unmount local disks and volumes. I can't even change the settings in Terminal, such as history size HOSTTYPE=powerpc, HISTFILESIZE=500. The powerpc is the wrong type of Java, that I can't get rid of, and all of it is the reason I'm digging into system files.

And what I haven't told you, is that the reason I switched to a mac is because a guy that is bent on making my life miserable, hacked into my Windows PC and gave me every virus known. I was a game server, a spam-server, probably a porn server, I always had so many other users logged-on...... It's very freaky when you log on and find that the desktop picture that was your beautiful baby girl is now completely missing, and instead there is a message saying "Catch me if you can!" This guy never was a friend of mine but someone who posted pictures of me on his website. I didn't even know him. I asked him to take them down, then he began a harassment campaign. Anyway, long, boring story.....But I could never remove the network installing linux root-kit. After spending way too much money, the computer guys gave up and told me to buy a mac. (Funny how the Windows tech's recommend Macs when they run out of options!) So now you know where my paranoia comes in, and why I don't trust anything at face value. And when I can't even change the history size in terminal......I just wonder who owns my machine now?

It's déjà vu all over again!

I think the problem is that you are trying to do the erase via "erase & install". When you do this, the installer asks you to select which partition you want to erase (before installing OS X on that partition).

Since you want to get rid of your partitions (in order to have one big partition), you need to boot from the Install DVD but don't go into the install - instead get Disk Utility from one of the menus and use Disk Utility to erase the whole disk. (Alternatively you could use Disk Utility to remove the non-boot partitions and then later erase that one remaining partition.)

I forgot to ask about this--
Jan 23 02:08:42 localhost : Initialized /dev/rdisk0s2 as a 74 GB HFS Plus volume with a 8192k journal\n

What is the journal?

Thanks for your help.

Journaling is a feature of the Mac hard drive filesystem! It helps make your drive more reliable and less prone to corruption. An explanation can be found here.

Have you used hayne's suggestion above in post #21?

Trevor

I've tried it that way too, many times. I select the drive, and select partion, 1 partition. The volume immediately returns, showing 2 folders. I select the drive, and select erase. The volume immediately returns, showing 2 folders.

I know y'all probably think that I'm just doing something or everything wrong. And using Unix, yeah, I'll admit, I probably am. But I'm VERY good at reading a book, and following directions. And *****, I'll go ahead and brag a little!! I'm as good as a monkey when it comes to looking at pictures and putting my arrow in the same place as the arrow in the picture, and then hitting click!! I'm not trying to sound like a smart*ss, but I've done all of the obvious things. I've RTFM, but my problem isn't in the FM. It's very frustrating because no one gives me credit for being able to point and click. I got the same treatment with my PC. They didn't believe me until the hacker blatently changed my desktop, and stole my little girl's picture from it, and left a message "CATCH ME IF YOU CAN!". And I say he STOLE it, because it was no where to be found. This happened one day AFTER the "SECURITY tech", not just the "YOU DEAL WITH THE CRAZY LADY THIS TIME tech" wiped my drive, reinstalled my system, and came out to my house to securely set up and lock down my system, since I'd been so incapable of doing it myself. So then, after almost a year, he took a closer look at all of the problems that I'd told him about. NOW he believed there might actually BE a problem!! Because even though I (probably for the 50th time) didn't click "ERASE THE DRIVE AND NOT JUST THE VOLUME", he is CERTAIN that he chose "ERASE THE DRIVE AND NOT JUST THE VOLUME"!! It was only then, that he finally decided to look deeper into the things, because he knew that he had made the proper selection. "Oh, *****, she's not crazy after all!" It turns out I had a memory resident root-kit. They never could remove it. My problem wasn't getting wiped during the wipe.

I said all of that to say,

I chose to erase the drive and not just the volume. Every single time. I know the difference.

And don't think I'm mad, because I'm not. I'm very grateful that there are knowledgable people out there that are willing to help those of us who need it. I understand where this "drive/volume" thing could be an issue. But I want y'all to understand, that on the drive/volume subject, I understand. I get it.

I'm open and eager for other suggestions! And hopefully someone can come up with plan B.

Hi Mazzy,

I think part of our problem (well, at least part of *my* problem) is that I'm not quite sure what the two folders you are seeing after you Erase the drive are. Would it be possible to take a digital picture of your screen after you've erased the drive, and attach it to this thread?

Trevor

no one thinks you're crazy, or dumb. well, maybe a little crazy, but in a good way. ;) the problem we have is that we can't see the system, or what you're doing with it, and so we have to double-check on the simple things and work our way up. with that in mind, I'm going to assume you know how to use screen captures, and ask for a pic of the partition map in Disk Utility. also if you could open System Profiler, navigate to Networks/Volumes, and give us a screenshot of that page as well, that would be good.

Having a picture (e.g. from a digital camera) as trevor suggests would be very useful so that we could see what you are seeing.

And please take the time to write an extremely detailed (using lots of precisely chosen words) of exactly what you are doing and what you are seeing.
Compare the first two paragraphs in your post #24 above. The first paragraph is the one where you told us what you did and what resulted. You used very few words. The second paragraph is not really relevant to the issue at hand (yes I know you explained that you wrote it to convince us that you aren't "mad") but you used lots of words there.
But it would be more convincing if you omitted all that and used your energy instead to very carefully describe (in excruciating detail) what you are doing.
The sort of description I'm asking for is something like this:

"I put the Tiger Install DVD into the DVD drive, then I went to the Apple menu (top left) and chose the 'Restart' menu item. When I heard the startup chime, I held down the C key and kept holding it down until I saw ...
...
I went to the Utilities menu and selected "Disk Utility" from that menu and after it launched I saw the following in the left hand column of the Disk Utility window:
...
I clicked on xxx and it became blue (selected). I then clicked on ...."

You get the idea? You need to describe in sufficient detail that we can "see" what you are doing. Of course having some digital pictures in additional to this description would make it easier.

Is it possible to take a screenshot when booted to your OS X Install disc?

Trevor

With regard to folders on erased volumes, there will be stuff that
the OS puts there by default. There may even be some things that
Terminal won't even show. Here is an empty volume in Leopard...

Much of that stuff won't be there in Tiger (unless the volume was mounted
on a Leopard OS). The ".metadata_never_index" file was put there by me,
to stop Spotlight from indexing that volume. Finder's Get Info for that disk
shows 29.1 MB used! (which is hidden stuff, like the partition map, journal
and other "HFS+" items I guess?). Anyway, once erased with Disk Utility...
there are no sinister files left behind.

HTH,

-HI-

I've actually did that last week, then decided that I really didn't have anyone to show them to! So, I erased them. But yes, I'll do it again. And do you mind explaining these settings in Terminal, and why I'm unable to change them? And on this part, you can call me dumb, because I'm pretty clueless when it comes to Unix. I have a book, but Terminal doesn't take orders from me. No matter how well I follow the directions in the book!

BASH=/bin/bash
BASH_VERSINFO=([0]="2" [1]="05b" [2]="0" [3]="1" [4]="release" [5]="powerpc-apple-darwin8.0")
BASH_VERSION='2.05b.0(1)-release'
COLUMNS=80
DIRSTACK=()
EUID=501
GROUPS=()
HISTFILE=/Users/roxy/.bash_history
HISTFILESIZE=500
HISTSIZE=500
HOME=/Users/roxy
HOSTNAME=roxys-computer.local
HOSTTYPE=powerpc
IFS=$' \t\n'
LINES=24
LOGNAME=roxy
MACHTYPE=powerpc-apple-darwin8.0
MAILCHECK=60
OPTERR=1
OPTIND=1
OSTYPE=darwin8.0
PATH=/bin:/sbin:/usr/bin:/usr/sbin
PIPESTATUS=([0]="0")
PPID=2311
PS1='\h:\w \u\$ '
PS2='> '
PS4='+ '
PWD=/Users/roxy
SECURITYSESSIONID=411eb0
SHELL=/bin/bash
SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor
SHLVL=1
TERM=xterm-color
TERM_PROGRAM=Apple_Terminal
TERM_PROGRAM_VERSION=133
UID=501
USER=roxy

And a couple of other things from my install log--
What are postflight scripts?? There are several of these .caction references--
Jan 23 02:17:46 localhost : run postflight script for BSD Subsystem
Jan 23 02:17:51 localhost : run postflight script for Automator
Jan 23 02:17:51 localhost : postflight[278]: cleaning up: /Volumes/Untitled//System/Library/Automator/Convert Address Book Object to Group Object.caction

Also,

Jan 23 02:17:54 localhost : It took 6.249832 seconds to Prepare volume "Untitled" (dm -prepareDisk:withType:)
Jan 23 02:17:54 localhost : It took 0.125214 seconds to Configuring volume "Untitled" (dm prepare*disk)

What is DM?

This is the first time I've been able to get this much information logged. So now maybe some of the things that I've seen during an install can be addressed.

Thank you VERY much!

most of the stuff in CAPS is just settings for your terminal session and window (basically telling what size the window is, which user is using the terminal, where various unix commands can be found, etc...). it all looks very normal.

'postflight' stuff is usually cleanup scripts that run after something has been installed. these would make sense if you just installed the system.

dm I'll leave to people more knowledgeable than me. :D

You should concentrate on one problem at a time. And the rule on these forums is: one topic per thread. So you should (later) start a new thread with questions about Terminal. But if you insist, start by reading this Unix FAQ: http://forums.macosxhints.com/showthread.php?t=40648
Please forget about the install and just concentrate on getting the disk erased. As explained above, you want to erase the disk as a separate step - using Disk Utility after booting from the Install DVD.

Thank you all!! I'll get to work on this later tonight. And I'll use lots of meaningful words!

Hi mazzy, when you say there are 2 folders, do you mean that the "Number of Folders" is 2?
For example, I have 137,593 folders on my drive, which contains all of my files:
http://i25.tinypic.com/11qi6tv.png

Having 2 hidden folders on a freshly erased drive is normal. These folders contain the "Journal" files, and the drivers and other things necessary for a computer to read the hard drive correctly.

I formatted a brand new flash drive with "Mac OS Extended (Journaled)", and ended up with 4 folders containing the necessary files for the filesystem to work properly:
http://i26.tinypic.com/2v827a8.png

Here is a Screenshot of Disk Utility and System Profiler Network/Volumes, and also a screenshot using Drive Genius--

Thanks y'all!

System Profiler shows nothing listed under Network/Volumes.

Drive Genius shows 4 partitions

You disk seems (from the pictures you supplied) to be correctly formatted with one large partition. (The other partitions shown by Disk Genius are (as far as I know) normal - these are hidden partitions intended only for internal (by the system) use.)

So you should go ahead and install OS X on that one partition.

ThreeDee,

You are right that those are the 2 folders I'm talking about. And it makes sense that they would contain the system files. I've had others tell me that there should be nothing there, and that nothing should be present on a clean drive drive.

And I don't mind being corrected, or told something different, or told I'm doing something wrong. I just want to know why I have java for PowerPC installed on an Intel? Why do I have printer drivers for a printer I never owned? Who is /user/dave? Why the spoofed websites and other problems?

Here's one I can count on......This is my "Am I clean yet?" test.
1. I go to TrendMicro.com
2. I click on the Trend Micro's FREE online virus scanner
3. Another page opens at http://housecall65.trendmicro.com/
4. I'm asked to agree to the terms of use and click the button "Launch Housecall"
5. Next page says "Trend Micro HouseCall can run on your system. If you want to start scanning for malware and vulnerabilities, you need an additional HouseCall kernel. You can select the relevant kernel for your system here. For further information about this step, please click here."
6. I click
7. A certificate pops up
7. It's outdated of course!

But Hey! I'm definitely making progress because THIS one expired in 2007, not in 1998 like previous one!!

Why would you do that? :confused: It doesn't even list OS X as a platform it supports!

Well, it does according to this......

What people are talking about is what you see in the main partition.
It seems to me that you are making this much too hard by looking into the details at a very low system level.
You should just proceed to install OS X from the Install DVD and then start a new thread if you encounter problems with your new installation.
But be sure not to install any 3rd-party software before testing your new OS X installation - test the system as supplied by Apple so you will have a baseline to compare with later.

You seem to be talking about problems in some past system. You currently (it seems) have a freshly erased drive and you can go ahead and install OS X on it. Please start a new thread for discussion of problems with the newly installed OS X if you encounter any.

I would recommend against running any such scanner if it asks you to approve running of a signed applet etc.
And in any case, the things it reports on will almost definitely not be relevant to your Mac since there are no known viruses in the wild for OS X.

[edit]
What Mac are you running that web browser on? (The one that you used to go to TrendMicro.com)
[/edit]

I'm running it on the only mac I have. I reinstalled the system early Wednesday. The problems aren't from a past system. /user/Dave is in my current log. Java for PowerPC is currently installed. The outdated certificate is here today after a "so-called" clean install only yesterday. My updates are installed even though I haven't updated. They are mostly for things I don't have, updates I don't need. They are all Apache 1.3.33 cache files. The reason I haven't updated is because after I update, things get worse.

any drive that's been formatted will have have areas reserved for formatting and boot information. I don't think it's possible to return a drive to a completely blank (i.e. unformatted) state without special equipment.

EDIT: or a big magnet. ;)

with os X (for the time being, at any rate) your main worry is if someone gains physical control of your machine and adds malware. there are few (if any) viruses or worms or spywares that infest macs, and a good dose of internet caution will keep you away from trojans and phishing sites. if you install tiger from the DVD, and then take some basic security measures (see here for a nice list) you can be very confident your machine is yours and no one else's.

in other words, if you can get a running system going at this point, you're fine; don't make your self nuts chasing shadows. :D

Umm, I thought we were still at the point of trying to get your disk to erase.
It doesn't help us to help you if you aren't communicative about what you are doing.

Okay, let's slow down and take things one step at a time.
And you need to start showing us what you are seeing instead of telling us what you think it means.
For example, show us (by copy & paste) what is in your logs regarding this "/user/Dave". And show us what it is (by copy & paste from the logs or whatever other source you are looking at or via a screen capture, etc) that makes you say that Java for PowerPC is installed. And whatever it is about Apache that has you concerned.

Do you even have Apache enabled ("Personal Web Sharing" in the Sharing preferences) ?

I think the outdated certificate you mentioned is something that came in over your web connection when you tried to use that online virus scanner.

But I think it would be a lot easy to troubleshoot all this if you would (as I thought you were doing) do another "erase & install". And then (as I said above) do not install any 3rd-party software before fully testing the newly installed system. And do not modify the configuration of your system (e.g. turning on things like web sharing in the Sharing prefs) before finishing your initial tests of the new system.

What's the subject now? :confused:

Here's what I think is happening:

1) OP runs questionable security software: http://housecall65.trendmicro.com/

2) Said software reports multiple alleged problems, most likely as a scare tactic to get users to buy more questionable security software.

3) Scare tactic works, causing OP to erase & install.

4) Running questionable security software on new install generates the same scary reports!

Same subject. After doing an erase and install, I still have files that don't belong here.



You're wrong. I only ran the scan after software update started popping up every hour or so telling me to update java and quicktime. This was a couple of months ago. Since then, I've tried over and over to remove the problem.

But go ahead and laugh at me. I really don't care. I'm so frustrated and sincerely seeking help. I was hoping someone would take me serious.

Once again, you need to tell us precise details. Don't say "I have files that don't belong" - instead show us what you are seeing that makes you say that. (via copy & paste from Terminal or a screen capture)
Explain why you don't think they belong.


We are taking you seriously.
But you haven't been very good at communicating what the situation is and what you are doing. (See above where I thought you had just finished erasing the disk and had not yet installed OS X .)

And problems that happened a couple of months ago are not in the least relevant to your current situation after having just recently done an erase & install.
Tell us about your current problems - in detail.
And don't run any 3rd-party virus checkers etc. Just use the tools that come with OS X - they are more reliable.

As I said before, if you are currently having extreme problems, then the thing to do is to do an "erase & install" and then (with afresh start) see how your system behaves. And once again, do not run 3rd-party virus checkers just to see what they say. Don't look for problems where they don't exist. Report on actual problems. Running those virus checkers are actually more likely to create problems than find existing problems.

It is a good thing to use the Software Update program. It intentionally popped up automatically to notify you of some new upgrade(s) that possibly fix some software bugs or patches up some security flaws.

On a side note, TrendMicro's HouseCall system is a good web applet for Windows PC's, but it is pretty buggy on Macs, and doesn't work well. Most of the time it doesn't even load properly.

Anyway, thanks for hanging in there. It's difficult trying to help people over the internet sometimes.

to mirror Hayne's request

what files? as precise a list as you can, please. :)

I know it's difficult, and I appreciate everyone's effort.

So, let's start again at around 3 am with my latest erase and install.

The pics aren't great, but that wasn't my concern.

1. Restart, holding down C key at startup

2. Select language

3. Welcome screen

4. At the License screen, I open Disk Utility

5. The first pic shows that I've selected to make 1 partition

6. Next pic shows partition options and the option I chose

7. After partitioning

8. Before erase

9. After erase

that looks completely normal.
first item: your hard drive
second item (indented): the single partition on your hard drive
third item: the install DVD in your DVD drive
fourth item (indented): the mac OS partition on the install DVD

the last two you can't modify at all, of course.

The weather is really bad here, so my internet is very slow uploading these pics. Thanks for being patient.

10. Select Destination

11. Select Erase & Install

12. Options

I'll skip to after it restarts, I select my time zone etc...

Automatic Update pops up. I select no. And yes, I know that updates are good, but I'm concerned that they aren't legit.

Especially since I choose to not update, but I receive them anyway.

Java for PowerPC

/user/dave/

He wasn't in the log this time, but the flash player file that is ever present, is still present.

ok, a quick search on my machine tells me you're looking either in ~/Library/Caches/ or /private/var/folders/**/**/-Caches-. there's no reason for you to look there and no reason for you to be worried about it. cache files are harmless, particularly cache files made by the installer. as far as users/Dave goes - notice that all of the logged events are failures. that probably has to do with the fact that you've made such a stripped down system some element of the installer is failing.

I'm still not seeing anything I'd consider abnormal here.

Mazzy,

Everything you've shown so far looks absolutely fine. In the screenshot attached to post #56, you're apparently looking in your ~/Library/Caches.

If you are concerned about Software Update, download Security Update 2007-09 from Apple's website:
http://docs.info.apple.com/article.html?artnum=307179
http://search.info.apple.com/?search...ate%202007-009

Security Update 2007-09 patches a vulnerability that was found in Software Update.

By the way, to turn off Software Update from asking you if you want to update, go to System Preferences > Software Update > Update Software tab and uncheck "Check for updates". This will need to be done in all of your user accounts.

Trevor

Software Update verifies updates multiple ways. Apple uses encrypted SHA-1 hashes and PGP to verify the downloaded contents, as well as some other stuff they don't disclose for obvious reasons. If you really want to, you can download the updates manually from http://www.apple.com/downloads/macosx/apple/ Note that you will have to sort out exactly what you need and don't need, as many of the updates may not be for your Mac.

Caches are used for various reasons. They don't mean that anything has been downloaded or installed.

The v1.3.1 of Java app is an older version of Java used for compatibility with older java programs. It's recommended that you leave it as it, as moving/editing/deleting it might cause more problems.

The flash player comes bundled with OS X. 'dave' was most likely the developer who was programming it at the time, and he somehow left some file paths with the "/users/dave" in the final released program. Nothing to worry about there wither.

What about the httpd install.log?

I can't remember exactly what that dialog about automatic updates says, but I think you are misinterpreting it.
What the situation regarding updates is that you can select to have them automatically downloaded, and you can select to have the downloaded updates automatically installed. (two different choices there)
Otherwise updates will be looked for at some specified time of the week and Software Update will come up to tell you about them.

um. no. That shows that the httpd directory is empty and that install.log is next in alphabetical order. Which is proper. Nothing wrong there.

hayne, I don't think the settings are incorrect, I think that mazzy is viewing the cache files as downloaded or installed updates.

See the reply and the attachment in this post.

That is not the httpd log. The arrow is pointing down, but because there is no httpd log, nothing is listed there. The install.log is a separate log (not related to httpd) that contains the log from your system install.

I am almost thinking that a fresh install populates the /Library/Caches/com.apple.SoftwareUpdate the first time the application pops open, such as when it prompts you to select your preferences.

Either way I don't see anything at all that confirms there actually are any installed updates. That would be in /Library/Recipts if memory serves.

What exactly in there did you find troublesome?
I don't see anything suspicious there at first glance, but it is rather small to see properly.
Note that for log files, it is better to either copy & paste the text into your replay (instead of showing a screen capture) or attach the log file as a plain text file (.txt or .log) using the Manage Attachments button at the bottom when you reply

Ok, I'm feeling better.....

I didn't find anything troubling in the log, just wasn't sure if it was ok.

Is it ok if, while I've got everyone's attention, I ask about other things in the log files? Then I can lay this to rest, and feel secure once again about having a mac and not a pc.

works for me. :D

Thanks;)

From asl.log (This is something I haven't seen before Many more like these.) Facility user? Facility daemon? Apple employees?
[Time 2008.01.25 19:50:59 UTC] [Facility daemon] [Sender crashdump] [PID 936] [Message crash report written to: /Users/roxy/Library/Logs/CrashReporter/Preview.crash.log] [Level 3] [UID -2] [GID -2] [Host roxys-computer]
[Time 2008.01.25 19:07:27 UTC] [Facility user] [Sender Crash Reporter] [PID 893] [Message For quality control purposes auto-submit is enabled by default for Apple internal users. Apple employees should still file RADARs for bug tracking purposes.] [Level 3] [UID -2] [GID -2] [Host roxys-computer]

From DirectoryService.server.log
2008-01-25 01:26:20 PST - DirectoryService 2.1 (v353.1) starting up...
2008-01-25 01:26:20 PST - Plugin <Configure>, Version <1.7>, processed successfully.
2008-01-25 01:26:20 PST - Plugin <NetInfo>, Version <1.7.4>, processed successfully.
2008-01-25 01:26:20 PST - Plugin <LDAPv3>, Version <1.7.4>, processed successfully.
2008-01-25 01:26:21 PST - Plugin <Search>, Version <1.7>, processed successfully.
2008-01-25 01:26:21 PST - Plugin "Active Directory", Version "1.5.4", is set to load lazily.
2008-01-25 01:26:21 PST - Plugin "AppleTalk", Version "1.3", is set to load lazily.
2008-01-25 01:26:21 PST - Plugin "Bonjour", Version "1.3", loaded successfully.
2008-01-25 01:26:22 PST - Plugin "BSD", Version "1.2.2", is set to load lazily.
2008-01-25 01:26:22 PST - Plugin "PasswordServer", Version "3.1.1", is set to load lazily.
2008-01-25 01:26:22 PST - Plugin "SLP", Version "1.3", is set to load lazily.
2008-01-25 01:26:22 PST - Plugin "SMB", Version "1.3", is set to load lazily.
2008-01-25 01:26:22 PST - Registered node /Configure
2008-01-25 01:26:22 PST - Plug-in Configure state is now active.
2008-01-25 01:26:22 PST - Plug-in Bonjour state is now active.
2008-01-25 01:26:22 PST - Registered node /NetInfo/DefaultLocalNode
2008-01-25 01:26:22 PST - Plug-in NetInfo state is now active.
2008-01-25 01:26:22 PST - Registered node /Search
2008-01-25 01:26:22 PST - Registered node /Search/Contacts
2008-01-25 01:26:22 PST - Registered node /Search/Network
2008-01-25 01:26:22 PST - Plug-in Search state is now active.
2008-01-25 01:26:23 PST - Plug-in LDAPv3 state is now active.
2008-01-25 01:26:24 PST - Network transition occurred.
2008-01-25 01:26:27 PST - Registered Locally Hosted Node /NetInfo/DefaultLocalNode
2008-01-25 01:26:30 PST - Network transition occurred.
2008-01-25 01:26:30 PST - Network transition occurred.
2008-01-25 01:26:30 PST - Network transition occurred.
2008-01-25 03:36:40 CST - Plug-in SLP state is now active.
2008-01-25 03:36:40 CST - Plugin "SLP", Version "1.3", loaded on demand successfully.
2008-01-25 03:36:40 CST - Plug-in SMB state is now active.
2008-01-25 03:36:40 CST - Plugin "SMB", Version "1.3", loaded on demand successfully.
2008-01-25 03:36:40 CST - Plug-in AppleTalk state is now active.
2008-01-25 03:36:40 CST - Plugin "AppleTalk", Version "1.3", loaded

If I don't use or need any of this, why has it loaded "on demand"? or "set to load lazily"? or "active"? I know that this is basic for most people, but I just need to know if it's normal.

cups_error.log (I know this is a normal process but 100 clients?)
I [25/Jan/2008:01:26:28 -0800] Listening to 7f000001:631
I [25/Jan/2008:01:26:28 -0800] Listening to b00f3000:0
I [25/Jan/2008:01:26:28 -0800] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [25/Jan/2008:01:26:28 -0800] Configured for up to 100 clients.
I [25/Jan/2008:01:26:28 -0800] Allowing up to 100 client connections per host.
I [25/Jan/2008:01:26:28 -0800] Full reload is required.
I [25/Jan/2008:01:26:29 -0800] Full reload complete.

system.log.0.gz
Jan 25 01:26:20 localhost kernel[0]: HFS: created HFBT on Untitled
Jan 25 01:26:30 localhost configd[60]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network

windowserver.log
Jan 25 01:26:23 [89] Server is starting up :eek: (what server?)
Jan 25 01:26:24 [89] CGXPerformInitialDisplayConfiguration
Jan 25 01:26:24 [89] Display 0x1cab4480: MappedDisplay Unit 0; Vendor 0x472 Model 0xad12 S/N 0; online enabled (0,0)[1024 x 768], base addr 0x3008000
Jan 25 01:26:24 [89] Accel caps: 00000001
Jan 25 03:30:13 [89] CGXRestartSessionWorkspace: session workspace exited for session 256 ( on console )

What is blued and why can't I stop it if I've turned bluetooth off?

And last, (my apologies for looking in system folders, but I have to know!)
Why do I have a folder /private/tftpboot/private/tftpboot/ with the last tftpboot being a symlink to my system.

Thanks for all of your help! Y'all have been kind and gracious to someone who's been hacked before, and is suspicious of everything! I know you'll be happy when I'm gone! And I'm very sorry for being such a pain!:o

I assume that "roxys-computer" is the name of your Mac - is that correct?
And that your user name is "roxy" ?

If so, this would appear to merely be a report about a crash of the Preview application.

Yes, I'm Roxy in the real world. Mazzy is my cat.

Yeah the "Preview crashed" part I got. It was the "facility" and "Apple Employee" part I didn't get.........

However, I'm fairly certain Apple doesn't want to employ me.:D

We can all agree there, right!?

Applications write all kinds of stuff to the logs - especially when something is going wrong (e.g. if they crash) and you shouldn't worry about it or even expect to understand it.
These messages are mostly intended for the programmers of those apps - so they can figure out what is going wrong (i.e. for debugging purposes).

Your Mac doesn't seem to be experiencing anything out of the ordinary, so I think you can just go about using it like a normal user. Normal users don't read logs etc - unless something starts to go wrong.

And I'd like to note that it is extremely, extremely, extremely (that's 3 'extremely's!) unlikely that your Mac will get hacked if you don't have any of the sharing services enabled, and if you refrain from installing or running software from untrustworthy sources.

No, sharing is turned off, airport and bluetooth off, though I still can't figure out why blued is running constantly and restarts as soon as I stop it. Airport starts again if I reboot.

I thought I had everything locked down until a couple of monts ago everything went crazy. Every website that came up in search was in Japanese....just all kinds of strange stuff. I guess I panicked!

Thank you for all the help.

Roxy (and Mazzy too - never leave out the cat...)

most of this stuff is there because the system is set up to have the capacity to do all kinds of things that you yourself might never do. so it registers plugins for bluetooth devices and appletalk and bonjour even though you don't use them, because someday you might, and it will be there waiting... think of it like having air conditioning in your car: you may never use it, but it's still there (and yes, you can really goof up your car if you try to tear it out)

loading lazily just means that service doesn't need to be accessed immediately, so it can start up in the background as time permits - the important stuff comes first.

crash reporter sometimes sends things to apple in the background (if it can) just for quality control. it's completely anonymous; no personal info involved.

CUPS is a printing service - if you set your computer up as a print server for other people, you could handle 100 other computers ('clients'). since you probably haven't done that, it's an irrelevant and harmless setting.

HFS is a disk's file system; configd is a background daemon (application without an interface) that helps set up your computer to run.

a window server is not an internet server; it's another daemon that takes care of creating and showing windows on the displays. that whole block is just telling you about what's on your monitor.

I'm not so sure about the private/tftpboot, but I suspect it's has to do with how the root kernel launches the system. anything in /private is system-only - you can really only access it from an administrator account, and even then it's hard to mess with. unless (again) someone has had physical access to your machine while it was logged into an administrator account (and you were off somewhere playing with the cat), it's extremely unlikely that anything in there is a security problem.

did I miss anything?

No, I think you covered it all. I'm going to go ahead and do an update, make a pot of coffee, and get back to the canvas and paint. I'm going to trust that there isn't a monster, or dave, or creepy hacker guy in my machine. (creepy hacker guy might be lurking around outside, but at least he can't get in my Mac!! If he gets in the house, I'll just shoot him! I would REALLY love to! It's legal in Texas!)

I'll sleep better tonight, and so will the cat!

Thanks and goodnight!:)