File: C:\Windows\System32\drivers\17654956.sys
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\34129729"
CMD: sc stop 34129729
CMD: sc delete 34129729
C:\Windows\System32\drivers\17654956.sys
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: