
mtcsltd

Everything posted by mtcsltd

  1. I was able to resolve the problem by running Malwarebytes Anti-rootkit. This identified another RUN key from HKLM (don't remember the full subkey) from which I assume Windows copies to HKCU\...\Run when Run is deleted. After the reboot, Windows no longer recreates a corrupt Run key. MBAR reported the infection was from Rootkit.Fileless.MTgen.
  2. Thanks abustraan. I've tried what you've suggested. Before I tried it, whenever I went to the RUN key I would get 2 of the messages saying 'error reading the values contents'. After deleting the key and letting Windows recreate it, it still says that error on that key, but says it only once. After rebooting and adding back the string values that were present before, I continue to get that error message, though just once. So it seems like Windows is recreating the RUN key incorrectly.
  3. One of my PCs is also detecting this rootkit. I've run the full scanner several times. There's nothing left of it other than the HKCU key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run which appears to be corrupt, as when I use regedit and go to that key I get an error saying 'error reading the values contents'. The key remains after multiple scans, so is there still a rootkit there putting it back? Is Malwarebytes unable to remove the corrupt key?