Windows 7 activation issue (real or fake?)

I had a virus problem with my PC about a month ago. I took it to a PC repair shop for repair and they told me that it would be a good idea to upgrade my PC from XP to Win 7 in addition to correcting the virus issue.

They upgraded my PC and everything seem OK for about a month and then a Window activation message popped up whenever I booted my PC and periodically while running. The message indicates that Windows must be activated and to click on a link for online processing. I also noticed that when the message appears the wallpaper is disabled.

I called the shop they told me to bring it in, which I did and they checked and claim windows was activated and that the pop-up is a virus/trojan.

Form reading several threads on the web it appears that others have also run into this issue.

But I ran malwarebytes and spybot and neither picked up the issue.

I emailed malwarebytes and they think that this copy of windows may not be legit. And Murice in product support suggested that I mention Noel Paton as someone who should look into this on your forum.

I ran the MGADiag program and here are the results.

Code:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-74XYM-BH4JX-XM76F
Windows Product Key Hash: KeYfcvXg/a1Q01x73+f8IL/JC4Y=
Windows Product ID: 00359-112-0000007-85721
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {2E9A562F-7F02-4A0A-AAEE-C346F7C20830}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-b01a_E2AD56EA-766-0_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2E9A562F-7F02-4A0A-AAEE-C346F7C20830}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XM76F</PKey><PID>00359-112-0000007-85721</PID><PIDType>5</PIDType><SID>S-1-5-21-3988670118-4129494783-1430437545</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Vostro 200</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.11</Version><SMBIOSVersion major="2" minor="5"/><Date>20080131000000.000000+000</Date></BIOS><HWID>BF183D07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL  </OEMID><OEMTableID>FX09   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>7480B9502DF0D86</Val><Hash>oYWOW5ayFE3pZ+jvTpuXYsY64JE=</Hash><Pid>89388-707-8722531-65357</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 2e7d060d-4714-40f2-9896-1e4f15b612ad
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00170-112-000000-00-1033-7601.0000-0912015
Installation ID: 008392973385675234351915679195294281180105449813224200
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: XM76F
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 5/6/2015 11:25:39 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0xC004F022
HealthStatus: 0x0000000000000000
Event Time Stamp: 4:1:2015 18:35
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAJJRkUkZvYCGI/eZyZP7m3uYPri4EVyqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name	OEMID Value	OEMTableID Value
  APIC			DELL  		FX09   
  FACP			DELL  		FX09   
  HPET			DELL  		FX09   
  MCFG			DELL  		FX09   
  SLIC			DELL  		FX09   
  DMY2			DELL  		FX09   
  SSDT			PmRef		CpuPm

I purchased the PC directly from Dell several years ago and it had XP Home Edition installed (that is also what's on the sticker on the PC).

I am not sure what SFC/SCANNOW is but I didn't run it. It may have been run by the PC shop.

I did not receive anything from the PC shop when I picked up my PC.

Thanks for your help on this.

Have one question related to the Vista question.

When the PC shop installed Win 7 they switched my two drives. The original drive was smaller than another I installed a couple of years after purchase.

When I picked up the PC after the Win & install I noticed that my d drive is now c and c is now d. And the windows XP appears to be on d.

Could the shop have installed Vista and then upgraded to Win 7 to somehow try to hide that it was not a genuine version?

It did cost me about $150 for the "upgrade" and cleanup.

I went back to the PC shop today and told the owner that after running diagnostics on the PC it appears that the Windows installation is not legit. The owner claims it is legit but would not give me copies of the CD and license (claims it would cost $150-$200). How do I report this shop?