Working from Ramhound's answer I have discovered the culprit. It is something called the Intel(R) Management Engine, which is just a rebranding of its old Active Management Technology. The difference is that AMT was previously an optional component on Intel-based systems, but Intel is trying to make IME mandatory. Currently, it appears you may be able to disable it, by disabling or removing the IME "driver", which is not actually a driver at all, but is application code running at a privileged level below the operating system.
This is a software feature implemented as a driver on Intel-based motherboards which allows Intel to back door into computers running the software to install new drivers, microcode and as of today, apparently, send ads to users.
Obviously, it is a huge security risk, and as I found out various hackers and "security researchers" are already publishing various vulnerabilities it has and how to use to hack any box running it remotely. To answer my own questions:
What is the spyware process doing this?
Intel Management Engine Interface
What information is being sent to Intel?
Unknown. Intel considers the types of information it transfers into and out of a box running the software to be secret and proprietary. At a bare minimum it includes a list of all the drivers the box is running, the motherboard type and version and configuration and the CPU ID. The data Intel sends to and from the box is encrypted, so it is not possible for a (non-hacker) to know what is being exfiltrated from their box.
Is the information being sent directly to Intel, or is Microsoft
collecting the information off the computer, sending it to Intel, then
relaying Intel's ad to me?
The information, including the content of the ad, is being directly sent to and from Intel.
4
it appears Intel is being notified of my "status" every time I boot my computer
. Uhh, what?! How do you figure? Nobody is sending anything to Intel. – David Schwartz – 2016-02-01T21:05:09.0371You are not even enrolled in the service. Do better research next time on the software in question. You could have clicked on the "more information" before you submitted this question. – Ramhound – 2016-02-01T21:18:11.807
@DavidSchwartz It says quote "Status as of last system boot". That would imply a software component checked if I was "enrolled". Since I have never gotten this message before, this component must be newly installed on my computer. – Tyler Durden – 2016-02-01T22:03:24.970
1@TylerDurden Yes, that's right. A software component check if your system was enrolled and discovered that you weren't because there was no enrollment record stored on your machine. – David Schwartz – 2016-02-01T22:04:27.313
@TylerDurden - Its possible the software was offered through Windows Update, because there is a driver component to the underline technology, but your not enrolled in the anti-theft program so no information is being transmitted to Intel. Its also possible if this is a company machine, that your Network Admin, pushed an update that prompted the prompt itself. The program is not considered spyware, since its legitimate piece of software, that you installed, or came installed on your system. – Ramhound – 2016-02-01T22:45:26.187
1The first rule of Intel® AT is: You do not talk about Intel® AT. – Tetsujin – 2016-02-02T09:44:56.347
@Tetsujin Yeah, I am finding that out. – Tyler Durden – 2016-02-02T11:15:41.210