ClementXVII

Member for 511 days

29/03/2008 at 20:09:05 InternetGameBox ad - Warning: spyware

Hello,

For the past few days there has been an ad for InternetGameBox on Gamersyde.

This ad, with its enticing title, actually hides a spyware/trojan that installs a rootkit on the infected machine. Since this ad is served through Google Ads, I don't know what can be done, other than to recommend extreme caution regarding these ads.

duplicated one of my Virtual Server images and ran the Internet Gamebox installation on it. I had Filemon running on the background logging newly created files and modifications. The installation created a file named 'noffmmtudd.exe' in the windows\system32 directory and executed it. This file didn't show up in Explorer with 'show hidden/system files' turned on. A registry search didn't find a mention of this file either.

Then I turned off the virtual machine and added the disk as a second (non-booting) disk to a clean virtual machine. The file named 'noffmmtudd.exe' was suddenly visible with Explorer in the windows\system32 directory, along with some data files also starting with 'noffmmtudd'.

After rebooting the infected virtual machine the mentioned files were still not visible in Explorer or the registry. I ran the uninstaller which said it had removed all components of Internet Gamebox.
Loading the disk in the clean virtual machine again showed that the files were still there. I then renamed the exe file.

After rebooting the infected virtual machine the renamed exe and data files finally showed up in Explorer. A registry search came up with 'noffmmtudd.exe' being called on startup.

I hope this proves that Internet Gamebox does indeed install a rootkit. I don't know how to check what the rootkit actually does but it can't be good when it tries to hide itself.
Report on GameDev.net
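
The cross-view comparison described in the report above (the same disk listed once from the running system and once after mounting it in a clean machine), as an added example that is not part of the original post. The two listings are constructed samples in the form `dir /s /b /a` produces; the drive letters and the data-file extensions are assumptions.

```python
from pathlib import PureWindowsPath

# Constructed sample listings (not taken from the report).
LIVE = r"""
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\notepad.exe
"""
OFFLINE = r"""
E:\windows\system32\kernel32.dll
E:\WINDOWS\system32\notepad.exe
E:\WINDOWS\system32\noffmmtudd.exe
E:\WINDOWS\system32\noffmmtudd.dat
E:\WINDOWS\system32\noffmmtudd.ini
"""

def index(listing):
    """Return the set of drive-independent, lowercased paths in one listing."""
    out = set()
    for line in listing.splitlines():
        if line.strip():
            p = PureWindowsPath(line.strip())
            # Drop the drive: the offline disk is mounted under another letter.
            rel = PureWindowsPath(*p.parts[1:]) if p.anchor else p
            # Windows file names are case-insensitive, so compare lowercased.
            out.add(str(rel).lower())
    return out

def hidden_from_live(live_listing, offline_listing):
    """Paths the offline view shows but the running system did not report."""
    return sorted(index(offline_listing) - index(live_listing))

def group_by_executable(hidden):
    """For each hidden .exe, list hidden files in the same directory sharing its name prefix."""
    paths = [PureWindowsPath(h) for h in hidden]
    groups = {}
    for exe in (p for p in paths if p.suffix == ".exe"):
        groups[str(exe)] = sorted(
            str(p) for p in paths
            if p != exe and p.parent == exe.parent and p.name.startswith(exe.stem)
        )
    return groups

if __name__ == "__main__":
    for exe, data in group_by_executable(hidden_from_live(LIVE, OFFLINE)).items():
        print("hidden from live view:", exe, "with", data)
```

Files legitimately created or deleted between the two listings also show up in the difference, so each hit still needs to be reviewed by hand.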

BlimBlim

Tyrannosaurus BlimBlim - Tyrannosaurus
Member for 1921 days

30/03/2008 at 00:49:11

Thanks for the info, I've banned the domain on AdSense.

---
BlimBlim, Tyrant.

spyware9

spyware9
Member for 1346 days

30/03/2008 at 16:31:26

That scared me, I thought someone was out to get my state-of-the-art win98.

---
Blunder: Marion Cotillard tries to make up for her gaffe. "It wasn't
the Americans who destroyed the Twin Towers, it was King Kong."
