
Python search for Windows Executables

$10-30 USD

Closed
Posted about 5 years ago

Paid on delivery
I NEED THIS IN 48 HOURS.

Create a tool to scan and detect malicious executables in Windows persistence mechanisms. Some of these locations may not exist on certain systems.... the program should check if the key exists before trying to read from it, and handle failures gracefully. Some of these paths are Registry "folders" and some are Keys for "Key/Value" pairs.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\*\ImagePath
So each Key under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\, if that key has a Key named key/value named ImagePath, then hash that target.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler (XP, NT, W2k only)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

The goal is to scan and find the target .exe, .dll & .sys files and hash the files. Then, we want to compare the hashes from a source of malicious file hashes and alert if any match.

I think it makes sense on some of these, like "Shell" where it may be set to "[login to view URL]" with no path, to just check c:\windows\[login to view URL] and c:\windows\system32\[login to view URL] for the file, and otherwise report that file could not be found.

For testing, make sure to actually put a hash in your hash dataset that matches something to make sure it actually catches things.
Project ID: 19308428
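An added sketch (not part of the original posting or any bid) of the core steps the description asks for: read a key without failing if it is absent, pull the target file out of a registry command string, fall back to search directories for bare names, then hash and compare. All function names are hypothetical, SHA-256 is an assumption (the posting names no hash algorithm), and `C:\Windows` is an assumed fallback when `SystemRoot` is unset.

```python
import hashlib, ntpath, os, re

TARGET_RE = re.compile(r'^(.+?\.(?:exe|dll|sys))(?=[\s,]|$)', re.I)

def read_values(hive, subkey):
    """String values under a key; [] if the key (or winreg itself) is unavailable."""
    try:
        import winreg                                # Windows only
        with winreg.OpenKey(hive, subkey) as k:
            vals = [winreg.EnumValue(k, i)[1] for i in range(winreg.QueryInfoKey(k)[1])]
    except (ImportError, OSError):                   # no winreg, key absent, access denied
        return []
    return [v for v in vals if isinstance(v, str)]

def extract_target(value):
    """First .exe/.dll/.sys path in a registry command string, else None."""
    s = ntpath.expandvars(value.strip())             # %SystemRoot% and similar
    if s.startswith('"'):                            # quoted path followed by arguments
        s = s[1:].split('"', 1)[0]
    m = TARGET_RE.match(s)
    if not m:
        return None
    path = m.group(1)
    if path.lower().startswith("\\systemroot\\"):    # driver-style ImagePath
        path = os.environ.get("SystemRoot", r"C:\Windows") + path[11:]
    elif path.startswith("\\??\\"):                  # NT object-manager prefix
        path = path[4:]
    return path

def resolve(target, search_dirs):
    """Existing file for target; bare or relative names are tried in search_dirs."""
    absolute = ntpath.isabs(target) or os.path.isabs(target)
    cands = [target] if absolute else [os.path.join(d, target) for d in search_dirs]
    return next((c for c in cands if os.path.isfile(c)), None)

def check_value(value, bad_hashes, search_dirs):
    """Return (status, path, sha256) for one registry value."""
    target = extract_target(value)
    path = resolve(target, search_dirs) if target else None
    if path is None:
        return ("missing", target, None)             # report: file could not be found
    try:
        with open(path, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
    except OSError:
        return ("unreadable", path, None)
    return ("MATCH" if digest in bad_hashes else "clean", path, digest)
```

On Windows, feed `check_value` from `read_values(winreg.HKEY_LOCAL_MACHINE, r"Software\Microsoft\Windows\CurrentVersion\Run")` with `search_dirs` set to `c:\windows` and `c:\windows\system32`. Only the first file in a value is extracted, so a multi-entry value such as AppInit_DLLs needs splitting before the call.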

About this project

3 proposals
Remote project
Active 5 years ago

3 freelancers are bidding on this job at an average of $155 USD
Hello. Very interested in your project. I can do it in 48 hours. Review my work on my profile. Let's have a talk for more detail. Thanks
$222 USD in 1 day
4.8 (8 reviews)
4.7
Hello Mr, I can help you with this project. I have big experience with the Windows API and Python. I also have experience searching for viruses. Let me help you with this project; contact me by chat to get more information. Best regards
$133 USD in 2 days
5.0 (9 reviews)
3.6
Hey, I have prior experience in this type of program and can deliver in a day without any errors. I am just starting out here on Freelancer but have more than 4 years of experience in coding using Python.
$111 USD in 1 day
0.0 (0 reviews)
0.0

About the client

Huntsville, United States
5.0
2
Payment method verified
Member since March 3, 2019

Freelancer ® is a registered Trademark of Freelancer Technology Pty Limited (ACN 142 189 759)
Copyright © 2024 Freelancer Technology Pty Limited (ACN 142 189 759)