There is no "ntuser.dat" for all users. The registry is either machine wide or per user. The machine wide bits are stored in system.dat including HCR, HKLM and HCC.
MSCONFIG will show you everything that the registry loads, per user (for the currently logged in user) and machine wide. Hijackthis is well worth a visit as it shows everything including stuff like browser helper objects and even the obscure stuff like winlogin notification handlers (incidentally, where the cleverest and most difficult to expunge viruses sometimes hide).
To help your troubleshooting, the
only things that should load before you log on are the OS itself, device drivers and services. HKML is not processed until after you log in, followed by HKCU and the startup groups. With the exception of drivers and services, it is not possible for programs you install, or malware, to load before you login unless they interfere with the boot loader, drivers or services. This wiki page gives a simpler explanation of everything that happens and in what order.
Windows NT startup process - Wikipedia, the free encyclopedia