Another possible Sony rootkit?



RedjackRyan
08-27-2007, 09:52 AM
F-Secure is reporting that the drivers for Sony MicroVault USB sticks use rootkit techniques (http://www.f-secure.com/weblog/#00001263) to hide a directory from the Windows API. "This USB stick with rootkit-like behavior is closely related to the Sony BMG case. First of all, it is another case where rootkit-like cloaking is ill-advisedly used in commercial software. Also, the USB sticks we ordered are products of the same company — Sony Corporation. The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under "c:\windows\". So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through the Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt, and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place."
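The cloaking F-Secure describes leaves a detectable inconsistency: the directory is missing from enumeration, yet it can still be opened by name. The following cross-view check, an added example that is not part of the original post or of F-Secure's tooling, flags any candidate name that resolves by direct lookup but is absent from its parent's listing. The fake filesystem and the name `example_hidden_dir` are constructed placeholders; the real directory name is not given on this page.

```python
import os
from typing import Callable, Iterable, List

def find_cloaked_entries(
    parent: str,
    candidate_names: Iterable[str],
    list_dir: Callable[[str], List[str]] = os.listdir,
    exists: Callable[[str], bool] = os.path.lexists,
) -> List[str]:
    """Return candidate names reachable by direct path lookup but absent from
    the parent's enumeration. A filter driver that strips entries from directory
    listings leaves exactly this gap: the name cannot be listed, but opening it
    by name still succeeds. Names compare case-insensitively, as Windows paths do."""
    visible = {name.lower() for name in list_dir(parent)}
    cloaked = []
    for name in candidate_names:
        if name.lower() not in visible and exists(os.path.join(parent, name)):
            cloaked.append(name)
    return cloaked

# Constructed stand-in for a filesystem whose enumeration is being filtered.
# 'example_hidden_dir' is a placeholder, not the real directory name.
FAKE_TREE = {
    r"C:\Windows": ["System32", "Fonts", "Temp", "example_hidden_dir"],
}
FILTERED_OUT = {"example_hidden_dir"}

def fake_list_dir(path: str) -> List[str]:
    # Mimics a driver that removes the cloaked entry from enumeration results.
    return [n for n in FAKE_TREE.get(path, []) if n not in FILTERED_OUT]

def fake_exists(path: str) -> bool:
    # Direct lookup by full path is not filtered, so the entry still resolves.
    parent, _, name = path.replace("/", "\\").rpartition("\\")
    return name in FAKE_TREE.get(parent, [])

def demo() -> List[str]:
    # Candidate names a scanner might probe; only the filtered one is reported.
    candidates = ["System32", "Temp", "example_hidden_dir", "not_there"]
    return find_cloaked_entries(r"C:\Windows", candidates, fake_list_dir, fake_exists)

if __name__ == "__main__":
    print("cloaked:", demo())  # cloaked: ['example_hidden_dir']
```

With the default `os.listdir` / `os.path.lexists` arguments the same function runs against a live directory, but it only finds entries whose names are already suspected.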

mixtymotions
08-27-2007, 05:44 PM
It seems the spyware is not an actual rootkit.

Okay, so SecuROM installs without ANY notification for the user, including in the EULA.

It gives itself admin privileges in order to bypass UAC under Vista.

It stealths itself to avoid detection. (Successfully, except for MS' Rootkit Revealer and AVG.)

It is incompatible with, and may screw up, numerous apps, including AVG, MS' own Process Explorer, and any app using a similar protection scheme.

It fingerprints your hardware (despite all denials, hashmarks are fingerprints. If Sony wants to argue that they're not, well -- .torrent files are just checksums and hashes) and phones home with the info.

It is impossible to uninstall without high levels of computer knowledge. The easiest way is to reinstall Windows. I understand the registry keys can also be deleted under LINUX. Partial, but not complete, removal can be accomplished in safe mode.