@ cbmrulez
I thought right from the start it was possibly an FP, that and because of its importance was why we were dancing around avoiding doing anything to the actual file in its original location.
Hopefully, sending it to avast for analysis should resolve this detection, though each ntuser.dat file is pretty unique as it reflects the users system and what they have installed. This is no doubt why I didn't find anything wrong on mine and why we didn't have a flood of similar topics in the forums.