Kind a weird...The 2 userinit.exe have the same MD5
[2010/11/20 17:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe <<- combofix deemed this as malware
[2010/11/20 17:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe <<-- file used as replacement also has same MD5 as the one removed by CF.
Is this a false-Detection from CF??
EDIT: File is confirmed as FP by SUBs from MBAM Forum..it has been reported.