After further investigation, he found that the software installed on his machine without his consent or authorization included files identified via Sigcheck as part of "Essential System Tools" from a company called First 4 Internet. Google revealed that First 4 Internet has implemented Digital Rights Management for several record companies, including Sony. It turned out that a recent CD he had purchased, "Get Right with The Man" by the Van Zant brothers, contained Sony's DRM.
Additional experimentation shows that the software is poorly written, and creates a load on the system by scanning the executable files associated with every running process every two seconds, and querying file information including size eight times per scan.
The End User License Agreement (EULA) gives no indication that this software will be installed to your machine, and provides no mechanism for removing it. (They have apparently since modified the EULA in response to Russinovich's analysis.) Russinovich took the trouble to take the steps necessary to remove the software (and return his computer to a functional condition), but as his analysis points out, this would be very difficult for an inexperienced user. A typical responsible computer user who saw the rootkit files and simply deleted them would cripple their computer.
This software appears to me no different from spyware, which was made illegal in the U.S. under the SPY ACT (Securely Protect Yourself Against Cyber Trespass), and also appears (as a commenters on Russinovich's blog note) to violate California state law, UK law, and Australian law. Arizona's anti-spyware law doesn't seem to apply.
Russinovich's detailed step-by-step analysis may be found here.
Don't purchase CDs with such irresponsible and sleazy DRM software.