There are two ways to get back missed registry keys. Manual and automated. Before starting with manual bot instruction of doing things let me introduce some concepts. NTUSER.DAT is a registry hive. Windows allows to temporary mount hives into subkey of HKLM or HKU root entries either manually with regedt32.exe tool or in batch mode with reg.exe (standard utility in WinXP and part of SUPPORT\TOOLS of Win2000 installation CD). Then hive is mounted it could be accessed by other tools, such as regedit.exe
The process of manual export of registry keys from backuped NTUSER.DAT:
1. start regedt32
2. select HKEY_LOCAL_MACHINE window and root key
3. Registry->Load Hive... specify your NTUSER.DAT
4. enter new key name to place registry tree under (I chose temphive)
5. now launch regedit and navigate to the same entry (i.e. HKEY_LOCAL_MACHINE\temphive)
6. Registry->Export Registry File... specify .reg file name
7. make sure temphive is not accessed by regedit.exe and switch back to regedt32.exe
8. make sure temphive is selected and issue Registry->Unload Hive...
Automatic export with reg.exe is governed by the following ntuset.dat.export.bat:
reg.exe load HKLM\temphive NTUSER.DAT
regedit.exe /e regexport.reg HKEY_LOCAL_MACHINE\temphive
reg.exe unload HKLM\temphive
This .bat file creates regexport.reg file with contents of NTUSER.DAT from current directory.