Catchme.sys virus WHY NORTON 360 COULD NOT FIND THIS AND REMOVE IT?

Hello!

I had a virus on my PC which had the following behavior:

I couldn't open regedit, cmd, regedt32, and other exes from the Start/Run.
When I typed it in it seemed like soft-rebooting my system or opening the My Documents folder (in Safe mode as well).

Also I could not browse any Mcafee web pages. Could not run RegistryBooster cleaner and some other cleaners.

I could not update Malwarebytes and Mcafee would not update either.

While having the problem I removed Mcafee and Installed NORTON 360.

I run numerous scans on safe mode (with no System restore) and Norton could not find anything. As a matter of fact I also run a lot of other legit and strong Antivirus programs and none could remove it.

Norton 360 was up and running fine and could update as well (after a patched it as suggested by your site).

When I run Norton 360 scan it would find cookies like user@tribalfusion.com, user@quantserve.com, and few more and always last appeared Cookie: orpan cleanup. I kept fixing those but came up at every scan.

 

Finally, I run Combofix in Safe mode and removed: catchme.sys, cathme.log and informed me of registry key LEGACY_CATCHME.

After that, everything was back to normal!

I am not returning to Mcafee since I believe Norton is much better.

HOWEVER, could you please inform me why it could not remove this trojan???

Is what I am writting here, first time heard?

 

Also I have a Qoobox folder which has the trojan in quarantine. Should I go and manually now remove this folder? I know that this folder has been created by Combofix.

Please your advice will be much appreciated.

 

Also another question:

I have Winpatrol running and from time to time it keeps popping a window asking me whether I will allow  a change for file type .scr from "%1" to "%1 /s", or allow for file type .exe from "%1 1*" to "%1 %". Is this normal? Should I allow or not?

 

Thanks a lot for your time! I await your answer!