New
#1
I actually scanned with malwarebytes and found nothing yesterday
Personally I would select the 'Remove all' option, as it looks positive to me. This isn't the Windows Defender application itself, as that's located in C:\Program Files\Windows Defender\.
At a guess, I think the bottom location (FilesStash) is probably the location where Windows Defender is storing the file that it has quarantined.
The top location (LocalCopy) is where Microsoft has made it's own copy of the suspicious file, in order to prepare and send a copy of the file to Microsoft for sample submission and evaluate the file.
When I've had Windows Defender ask to send a sample file submission to Microsoft before, it makes it's own copy of the suspicious file. It then sends the files listed below to watson.telemetry.microsoft.com.nsatc.net, which ties in with the location in your screenshot:
\\?\C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{Identifier Number}-Filename.exe
C:\Users\USER\AppData\Local\Temp\MPSampleSubmit\client_manifest.xml
C:\Users\USER\AppData\Local\Temp\WER1C6.tmp.WERInternalMetadata.xml
You can read about the file that has been quarantined by Windows Defender here:
Trojan:Win32/Spursint.A!cl
yeah i removed it