I had a similar experience and resultant concern. The same "password stealer" was flagged at the same disk location (C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\TMP\VSIXAUTOUPDATE.EXE-U.MBAM). This was with an manual scan; it had not been picked up automatically. Then on quarantining the file, a reboot was required. After the reboot, a manual scan did not note the "password stealer." But on the next manual scan, the "password stealer" was back. I have done this a few times with no variation. Obviously, with a quarantine that causes a reboot, and subsequently still seeing the problem, there is little that I can do to remedy this. Do you have suggestions?