"After a very thorough investigation, half of which went way over my head, Russinovich tracked it down to a copy protection program installed when he put a Sony music CD into his computer. Two CD-burner device drivers and an NT system service were installed, then promptly hidden from sight by a rootkit.
When this CD is put into a Windows computer, a license agreement pops up declaring that a small program will be installed. The license agreement claims that the software will be used to play the music files and to allow you to make a limited number of copies of the music. It also claims that you cannot play the music files without installing the program.
The agreement contains significant omissions. The fact that a rootkit is installed is not disclosed. The fact that device drivers are installed is not disclosed. That these device driver will disable the CD burner if someone attempts to copy the CD is not disclosed. The NT service is not disclosed and in fact, is given a deceptive name: "Plug and Play Device Manager".
If you ever play CD's in your computer, you should read this article. If you ever burn copies, even for your own use (like a copy for your car), you should read this article. The average, or even above-average user, can't uninstall this without breaking their computer.