stkoontz

Computer trying to connect to redswoosh.akadns.net

We use bsecure (www.bsecure.com) for our internet filter and AVG free version for antivirus.  When I upgraded to the newest version of bsecure, I started to get a warning popup that says "Site:redswoosh.akadns.net Reason: File sharing, Dynamic."  So there's something in my computer that's trying to access this website.  (My guess is that it's been there a while and the new version of bsecure has a new feature to show what it's blocking.)

I ran the AVG scan, TrendMicro's online scan and fsecure's scan.  None of them found anything very wrong.

Thanks for any help that can be given.

Steve

HijackThis log is below if that helps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:24 AM, on 10/14/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Bsecure\InetCtrl.exe
C:\Program Files\Bsecure\BsecAV.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Bsecure\BSecKLX.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bsecure\BsecTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bsecure] C:\Program Files\Bsecure\BsecTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider '%programfiles%\bsecure\inetctrl38.dll' missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208441033453
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CloudCare (Bsecure) - Bsecure Technologies, Inc. - C:\Program Files\Bsecure\InetCtrl.exe
O23 - Service: CloudCare AntiVirus (BsecureAV) - Bsecure Technologies, Inc. - C:\Program Files\Bsecure\BsecAV.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate1ca24242bcd5a02) (gupdate1ca24242bcd5a02) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

--
End of file - 8117 bytes
Martin_J_Parker

Have you tried other anti-malware?
I'd strongly recommend a scan with A-Squared - the free version should be fine:
http://www.emsisoft.com/en/software/antimalware/

The server belongs to Akamai Technologies, whose servers are often used for downloading software updates. A lot of software vendors use this service. Some VoIP software can use it too. Run this command in a command prompt (Start CMD):
netstat -b -a
and you will see which process is making this connection.
Please show me the result of the command.

stkoontz (ASKER)

Thanks for the very quick response.  Here are the results of running netstat.  I'll also try the malware scan.


Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    owner-31ddf27ce:epmap  owner-31ddf27ce:0      LISTENING       1316
  C:\Program Files\Bsecure\InetCtrl38.dll
  C:\WINDOWS\system32\RPCRT4.dll
  c:\windows\system32\rpcss.dll
  C:\WINDOWS\system32\svchost.exe
  -- unknown component(s) --
  [svchost.exe]

  TCP    owner-31ddf27ce:microsoft-ds  owner-31ddf27ce:0      LISTENING       4
  [System]

  TCP    owner-31ddf27ce:843    owner-31ddf27ce:0      LISTENING       592
  [InetCtrl.exe]

  TCP    owner-31ddf27ce:8080   owner-31ddf27ce:0      LISTENING       592
  [InetCtrl.exe]

  TCP    owner-31ddf27ce:30861  owner-31ddf27ce:0      LISTENING       592
  [InetCtrl.exe]

  TCP    owner-31ddf27ce:36081  owner-31ddf27ce:0      LISTENING       592
  [InetCtrl.exe]

  TCP    owner-31ddf27ce:668    owner-31ddf27ce:0      LISTENING       1268
  [carboniteservice.exe]

  TCP    owner-31ddf27ce:1030   owner-31ddf27ce:0      LISTENING       3364
  [alg.exe]

  TCP    owner-31ddf27ce:5152   owner-31ddf27ce:0      LISTENING       580
  [jqs.exe]

  TCP    owner-31ddf27ce:5354   owner-31ddf27ce:0      LISTENING       540
  [mDNSResponder.exe]

  TCP    owner-31ddf27ce:9421   owner-31ddf27ce:0      LISTENING       460
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\program files\common files\akamai\netsession_win_062a651.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  TCP    owner-31ddf27ce:9422   owner-31ddf27ce:0      LISTENING       460
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\program files\common files\akamai\netsession_win_062a651.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  TCP    owner-31ddf27ce:9423   owner-31ddf27ce:0      LISTENING       460
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\program files\common files\akamai\netsession_win_062a651.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  TCP    owner-31ddf27ce:10110  owner-31ddf27ce:0      LISTENING       2304
  [avgemc.exe]

  TCP    owner-31ddf27ce:27015  owner-31ddf27ce:0      LISTENING       472
  [AppleMobileDeviceService.exe]

  TCP    owner-31ddf27ce:62514  owner-31ddf27ce:0      LISTENING       1392
  [cvpnd.exe]

  TCP    owner-31ddf27ce:netbios-ssn  owner-31ddf27ce:0      LISTENING       4
  [System]

  TCP    owner-31ddf27ce:1054   owner-31ddf27ce:0      LISTENING       460
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\program files\common files\akamai\netsession_win_062a651.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  TCP    owner-31ddf27ce:668    localhost:1494         ESTABLISHED     1268
  [carboniteservice.exe]

  TCP    owner-31ddf27ce:1494   localhost:668          ESTABLISHED     3660
  [CarboniteUI.exe]

  TCP    owner-31ddf27ce:1510   localhost:27015        ESTABLISHED     3720
  [iTunesHelper.exe]

  TCP    owner-31ddf27ce:27015  localhost:1510         ESTABLISHED     472
  [AppleMobileDeviceService.exe]

  TCP    owner-31ddf27ce:4807   45.17.bsecure.com:http  ESTABLISHED     592
  [InetCtrl.exe]

  TCP    owner-31ddf27ce:4841   iw-in-f139.1e100.net:http  ESTABLISHED     3016
  [chrome.exe]

  TCP    owner-31ddf27ce:4845   45.17.bsecure.com:http  ESTABLISHED     592
  [InetCtrl.exe]

  TCP    owner-31ddf27ce:4896   45.17.bsecure.com:http  ESTABLISHED     592
  [InetCtrl.exe]

  TCP    owner-31ddf27ce:4899   38.97.75.18:https      ESTABLISHED     1268
  [carboniteservice.exe]

  TCP    owner-31ddf27ce:4906   38.97.75.18:https      ESTABLISHED     592
  [InetCtrl.exe]

  TCP    owner-31ddf27ce:4852   45.17.bsecure.com:http  TIME_WAIT       0
  TCP    owner-31ddf27ce:4864   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4867   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4868   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4869   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4870   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4871   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4872   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4873   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4875   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4876   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4878   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4879   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4880   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4881   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4882   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4883   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4885   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4886   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4887   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4888   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4897   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4898   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4900   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4901   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4902   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4903   38.97.75.18:https      TIME_WAIT       0
  TCP    owner-31ddf27ce:4905   38.97.75.18:https      TIME_WAIT       0
  UDP    owner-31ddf27ce:3082   *:*                                    592
  [InetCtrl.exe]

  UDP    owner-31ddf27ce:isakmp  *:*                                    1064
  [lsass.exe]

  UDP    owner-31ddf27ce:4500   *:*                                    1064
  [lsass.exe]

  UDP    owner-31ddf27ce:microsoft-ds  *:*                                    4
  [System]

  UDP    owner-31ddf27ce:1025   *:*                                    540
  [mDNSResponder.exe]

  UDP    owner-31ddf27ce:1050   *:*                                    460
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\program files\common files\akamai\netsession_win_062a651.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  UDP    owner-31ddf27ce:ntp    *:*                                    1456
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\windows\system32\w32time.dll
  ntdll.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  UDP    owner-31ddf27ce:62514  *:*                                    1392
  [cvpnd.exe]

  UDP    owner-31ddf27ce:1045   *:*                                    460
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\program files\common files\akamai\netsession_win_062a651.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  UDP    owner-31ddf27ce:1900   *:*                                    1680
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\windows\system32\ssdpsrv.dll
  C:\WINDOWS\system32\ADVAPI32.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  UDP    owner-31ddf27ce:1043   *:*                                    460
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\program files\common files\akamai\netsession_win_062a651.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  UDP    owner-31ddf27ce:ntp    *:*                                    1456
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\windows\system32\w32time.dll
  ntdll.dll
  -- unknown component(s) --
  [svchost.exe]

  UDP    owner-31ddf27ce:netbios-ns  *:*                                    4
  [System]

  UDP    owner-31ddf27ce:5353   *:*                                    540
  [mDNSResponder.exe]

  UDP    owner-31ddf27ce:1052   *:*                                    460
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\program files\common files\akamai\netsession_win_062a651.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  UDP    owner-31ddf27ce:1051   *:*                                    460
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\program files\common files\akamai\netsession_win_062a651.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  UDP    owner-31ddf27ce:1900   *:*                                    1680
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\windows\system32\ssdpsrv.dll
  C:\WINDOWS\system32\ADVAPI32.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  UDP    owner-31ddf27ce:netbios-dgm  *:*                                    4
  [System]

It is the netsession software at the end of the listing. It is a part of the BSecure software.
Here is a description of what Akamai does and who their customers are - Adobe is also among them,....
http://en.wikipedia.org/wiki/Akamai_Technologies

I emailed bsecure tech support.  It sounds like bsecure is blocking itself from accessing its update website.  Is that correct?

Steve

ASKER CERTIFIED SOLUTION
Tomas Valenta

This solution is only available to members.

I got a hold of bsecure tech support and they suggested uninstalling AKAMAI Netsession.  When I did that, the problem went away.

Thanks for the help.  I really appreciate it.

Steve
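
Reading a `netstat -b -a` listing like the one posted in this thread means pairing each socket row with the module lines and the bracketed executable that follow it, because `svchost.exe` alone does not say which hosted component opened the socket. The parser below is an added example, not code from the thread or from any vendor named in it; the function names `parse_netstat_b` and `hosts_of` are hypothetical, the sample is abridged from the posted listing, and the layout assumed is the one shown on this page.

```python
import re
from collections import defaultdict

# Abridged from the netstat -b -a listing posted in the thread.
SAMPLE = r"""
  Proto  Local Address          Foreign Address        State           PID
  TCP    owner-31ddf27ce:9421   owner-31ddf27ce:0      LISTENING       460
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\program files\common files\akamai\netsession_win_062a651.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  TCP    owner-31ddf27ce:4852   45.17.bsecure.com:http  TIME_WAIT       0
  UDP    owner-31ddf27ce:1050   *:*                                    460
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\program files\common files\akamai\netsession_win_062a651.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  UDP    owner-31ddf27ce:ntp    *:*                                    1456
  C:\Program Files\Bsecure\InetCtrl38.dll
  c:\windows\system32\w32time.dll
  ntdll.dll
  -- unknown component(s) --
  [svchost.exe]
"""

# Socket row: proto, local, remote, optional state (UDP rows have none), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def parse_netstat_b(text):
    """Return one dict per socket row, with its module lines and owning executable."""
    entries, cur = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            cur = {"proto": m[1], "local": m[2], "remote": m[3], "state": m[4] or "",
                   "pid": int(m[5]), "components": [], "owner": None}
            entries.append(cur)
        elif cur is not None and line.strip():
            s = line.strip()
            if s.startswith("[") and s.endswith("]"):
                cur["owner"] = s[1:-1]   # bracketed executable closes the block
                cur = None
            elif not s.startswith("--"):  # skip "-- unknown component(s) --"
                cur["components"].append(s)
    return entries

def hosts_of(entries, needle):
    """Map (owner, pid) -> local endpoints of sockets whose module list contains needle."""
    hits = defaultdict(set)
    for e in entries:
        if any(needle.lower() in c.lower() for c in e["components"]):
            hits[(e["owner"], e["pid"])].add(f'{e["proto"]} {e["local"]}')
    return {k: sorted(v) for k, v in hits.items()}
```

Calling `hosts_of(parse_netstat_b(SAMPLE), "netsession")` singles out the `svchost.exe` instance with PID 460, while the instance with PID 1456 (loading `w32time.dll`) is left out.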