Identify Hidden Windows Services

checkhiddensvc.ps1

Compare-Object -ReferenceObject (Get-Service | Select-Object -ExpandProperty Name | % { $_ -replace "_[0-9a-f]{2,8}$" } ) -DifferenceObject (gci -path hklm:\system\currentcontrolset\services | % { $_.Name -Replace "HKEY_LOCAL_MACHINE\\","HKLM:\" } | ? { Get-ItemProperty -Path "$_" -name objectname -erroraction 'ignore' } | % { $_.substring(40) }) -PassThru | ?{$_.sideIndicator -eq "=>"}

The following filters out any registry entries where the service has ObjectName set but is a driver (e.g. vmsmp, WUDFWpdFs, WUDFWpdMtp in the orginal one-liner):

Compare-Object -ReferenceObject (Get-Service | Select-Object -ExpandProperty Name | % { $_ -replace "_[0-9a-f]{2,8}$" } ) -DifferenceObject (gci -path hklm:\system\currentcontrolset\services | % { Get-ItemProperty $_.pspath } | ? { $_.ObjectName -ne $null -and ($_.Type -band 0xfffffff0) } | Select-Object -ExpandProperty PSChildName) -PassThru | ?{$_.sideIndicator -eq "=>"}