This old thread had the fix.

Launch task manager. On the Processes tab, change the view to include a
column for PID

open a command window
type net start spooler

You have one minute to complete the next couple tasks

find spoolsv.exe in task manager, note the PID

in the command window type
ntsd -p [PID for spoolsv.exe] -g -G

press enter and a bunch of module load info will scroll paste.

wait for the process to terminate you will see a prompt to this effect:
ntdll!DbgBreakPoint:
7c822583 cc int 3
0:001>

type k

hopefully this will indicate which module is failing.

In this case it was zsr.dll. Renamed the file in its location, start the spool service. I went to the properties of the failing printer to try a test page and was told the driver was needed. It asks for the renamed dll file we found. Point the wizard to the location (cd or install folder, use a clean copy) and installed it at the prompt. Fixed

Step 2) Launch dictionary attack against the email list in step 1

Understand? Probably not. The main point to take away today is password strength/complexity, what it means, and why. In working with people and companies that have been hacked there is a common theme of password, shall we say, laziness. That lax behavior stems from lack of understanding.

If you remember the movie Wargames from the 80′s, you have an example of what many think of when it comes to breaking into accounts. If you have not, there is a point in the movie where Matthew Broderick is trying to figure out the password of a program designer. He does loads of research by reading about him, his work, etc. Eventually he has the epiphany that the password is Joshua, the name of the man’s deceased son. A very poor password for a weapons designer in the 80′s. Even less so in the present.
In my line of work I am privy to the passwords of new clients and they commonly fall, at least until I talk to them,  into the pattern of: ‘important name’ followed by ‘some important number’. So we have passwords like scruffy1976, dustin061387, married1986, etc. Matthew Broderick would be your nemesis if that’s how passwords were being cracked. But they are not.

Understand this is a basic explanation but a strong password will help in most cases. What happens most commonly is a game of numbers.  A computer has a list of thousands of email addresses and thousands of the most common passwords. The hacker chooses a specific website. Let’s say bankofamerica.com. The computer will then start at the beginning of the email list and attempt to logon with that email address and the first entry on the list of common passwords. Now, most sites with even basic security will temporarily lock an account or force the the use of captcha after so many failed attempts. No problem, we have a list of several thousand email addresses so when the lockout occurs the computer moves on to the next email address and starts at the top of the password list again. I say computer because, again, most people think it’s a person in a basement with his pet rat typing away. It’s all automated now. I don’t have to tell you how fast a computer can move through that list.

Once in we have free reign of your bank account. Even more frightning is that once we have a valid email and password combination we can access ANY site that you used that email address and password on. We all have the habit of using the same password in multiple places. A valid reason for using multiple passwords or at least making the password complex.

Where do the passwords come from? A list of the 10,000 most common passwords is out there on the internet for download. According to Xato there are some interesting statistics about the list.

• 4.7% of users have the password password;
• 8.5% have the passwords password or 123456;
• 9.8% have the passwords password, 123456 or 12345678;
• 14% have a password from the top 10 passwords
• 40% have a password from the top 100 passwords
• 79% have a password from the top 500 passwords
• 91% have a password from the top 1000 passwords

>Note that a staggering 91%  are in the top 1000. That means statistically in a list of 100 email addresses you can figure out 91 passwords from a pool of 1000 choices.

What happens if it’s not on the list? Well, like car thieves, hackers are generally for easy pickings. If you walk through a mall parking lot I guarantee you will find multiple cars unlocked. Much easier and quieter than breaking windows. However, beyond the common list there are more advanced dictionary attacks. Same idea but using two different lists in combinations. As mentioned, many passwords fall into the ‘common word’ + ‘number’ format (eg. scruffy1976).  The method is the same but takes longer to try word and number combinations. When I say longer I am speaking relatively as far as a computer is concerned.

What makes a good password? There are several password test utilities out there

• http://howsecureismypassword.net/
• https://www.microsoft.com/security/pc-security/password-checker.aspx
• http://www.passwordmeter.com/

Believe it or not, you can make life easier on yourself and harder for hackers by using long phrases of words with numbers and special characters. I prefer the 3rd link above but the the 1st link is neat in its presentation. These testers are statistical and remember the Indiana Powerball has odds of 1 in 195 million but people do win it. Some have won it having only having bought a few tickets. Also, these test one password against one targeted account. Hackers are testing one password against multiple accounts increasing their chances. One could be yours.

For example, statistically, using the first link the password scruffy would take single desktop almost an instant to figure out.

• scruffy19 would take 4 days.
• scruffy1976 would take 16 years.

While the time seems like a lot we are dealing with statistical chances and I want the odds so far in my favor that its pointless to try and break.

• Scruffy1976 with the S capitalized will take 6 thousand years. Now we’re getting warm.
• Scruffy1976 dog with the S capitalized and space between the number and dog will take 5 trillion years. Much better.
• Scruffy1976 dog$ will take 6 quadrillion years and is over 16 characters making it very difficult to guess.
• The M00n Sh!nes At Night (the o’s in moon are replaced with zeroes) will take about 47 nonillion years, is long, easy to remember, and passes all 3 of our testers as strong passwords.

Hopefully you can see where this is going . Passwords don’t have to be an elaborate set of special characters (though you should have some) to be statistically secure. In later articles we’ll talk about social engineering and viruses and how to protect your strong passwords from other means of compromise. After all, password strength means nothing if you tell it to someone.