The following is my Event file. Please help as soon as you are able, as my troubleshooters, Defender, and entire Windows 10 have been compromised by whatever malware or virus has come through via this remote PC device and its app file. Thank you.


  • Log Name:      System
    Source:        Microsoft-Windows-DistributedCOM
    Date:          1/3/2018 4:52:27 PM
    Event ID:      10016
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          LOCAL SERVICE
    Computer:      DESKTOP-VG64V0K
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
     and APPID 
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Event Xml:
    <Event xmlns="">
        <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
        <EventID Qualifiers="0">10016</EventID>
        <TimeCreated SystemTime="2018-01-03T21:52:27.819880900Z" />
        <Correlation />
        <Execution ProcessID="512" ThreadID="6568" />
        <Security UserID="S-1-5-19" />
        <Data Name="param1">application-specific</Data>
        <Data Name="param2">Local</Data>
        <Data Name="param3">Activation</Data>
        <Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
        <Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
        <Data Name="param6">NT AUTHORITY</Data>
        <Data Name="param7">LOCAL SERVICE</Data>
        <Data Name="param8">S-1-5-19</Data>
        <Data Name="param9">LocalHost (Using LRPC)</Data>
        <Data Name="param10">Unavailable</Data>
        <Data Name="param11">Unavailable</Data>
    Wednesday, January 3, 2018 10:56 PM

All replies

  • What is in the following registry key: HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}


    The App ID 9CA88EE3-ACB7-47C8-AFC4-AB702511C276 is for Runtime Broker (see this article:

    It looks like something or someone is trying to access Windows Store to install some new apps.

    Friday, January 5, 2018 2:09 AM
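
The lookup the reply asks for can be scripted. The following is an added example, not code from the thread: it pulls the CLSID, AppID and caller SID out of a 10016 event and resolves both GUIDs to their registered names. The function names `Get-ComRegName` and `ConvertFrom-Dcom10016` are hypothetical, and the `param` positions are assumed to match the event posted above.

```powershell
# Added example (not from the thread): triage DCOM 10016 events.
# Assumes Windows, and the param2..param8 layout seen in the posted event.

function Get-ComRegName {
    param([ValidateSet('CLSID','AppID')][string]$Kind, [string]$Guid)
    $path = "Registry::HKEY_CLASSES_ROOT\$Kind\$Guid"
    if (-not (Test-Path -LiteralPath $path)) { return '<not registered>' }
    # The key's unnamed (Default) value holds the friendly name.
    (Get-Item -LiteralPath $path).GetValue('')
}

function ConvertFrom-Dcom10016 {
    param([Parameter(Mandatory)][string]$EventXml)
    $p = @{}
    foreach ($d in ([xml]$EventXml).Event.EventData.Data) {
        $p[$d.GetAttribute('Name')] = $d.InnerText
    }
    [pscustomobject]@{
        Permission = "$($p.param2) $($p.param3)"   # e.g. "Local Activation"
        Clsid      = $p.param4
        ClsidName  = Get-ComRegName -Kind CLSID -Guid $p.param4
        AppId      = $p.param5
        AppIdName  = Get-ComRegName -Kind AppID -Guid $p.param5
        Caller     = "$($p.param6)\$($p.param7)"
        CallerSid  = $p.param8
    }
}

# Constructed sample: the EventData values from the event posted above.
$sample = @'
<Event><EventData>
  <Data Name="param2">Local</Data>
  <Data Name="param3">Activation</Data>
  <Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
  <Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
  <Data Name="param6">NT AUTHORITY</Data>
  <Data Name="param7">LOCAL SERVICE</Data>
  <Data Name="param8">S-1-5-19</Data>
</EventData></Event>
'@
ConvertFrom-Dcom10016 -EventXml $sample | Format-List

# Live log: count recent 10016 events per CLSID / AppID / caller SID.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10016
        ProviderName = 'Microsoft-Windows-DistributedCOM' } -MaxEvents 200 -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertFrom-Dcom10016 -EventXml $_.ToXml() } |
    Group-Object Clsid, AppId, CallerSid |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

The grouped output shows whether the errors come from one CLSID/AppID pair and one caller SID or from several, and a `<not registered>` name marks a GUID to look at first.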