Indeed, there was a set of roots IE 5.01/NT4 SP6/Win2000 and later trusted, and at that time only XP did automatic root cert update making them very valuable. Just before then, I think IE/SChannel only trusted VeriSign/Thawte/CyberTrust, and VeriSign bought Thawte just after IE 5.01 and NT4 SP6 was released.