Need help with Trojan-Spy.Win32@mx

I went through detailed preliminary removal instructions. Logs requested are attached. Any help is much appreciated.

Welcome to TS. Your logs show progress. Restart anytime the log indicates action ‘delete on reboot’. This was found in your MBAB log.

We will proceed along a typical path. Update MBAB & SAS scanning tools. Repeat scans. Successive scans may uncover additional infections. Most often one or two additional scans with each tool will achieve no infections and no threats. Remember that SAS should be optioned to delete cookies. Inspect logs for wording ‘delete on reboot’. When found, restart the computer.

After completing scans with MBAM & SAS (achieving 0 results or no further reduction noted), restart the computer. Scan with HJT.

Posts logs. Report progress & what changes are observed.

These additional notes may interest other specialists here.
Finding in the HJT log
O1 – Hosts – 4 entries; appear ineffective;
O10 – appears on the list of valid LSPs
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = btiphotonics.com; Not blacklisted; wait for additional scans;