InternetGameBox touts itself as software that lets you play Flash-based online games. But InternetGameBox is much more than gaming! It is adware that uses the Navipromo rootkit to hide its traces. As soon as the InternetGameBox client program is installed from their website, the installer drops a few files into the System32 directory and creates a randomly named process that is hidden from user-mode APIs.
This is what the InternetGameBox client looks like:
Here's a screenshot of the hidden process:
Files and Registry keys hidden by Navipromo:
Surprisingly, the hidden executable is barely detected by AVs. Here's a screenshot of the Virus.org Malware Scanner showing the scan result for the executable. It can be seen that only ArcaVir was able to detect it heuristically:
InternetGameBox's Navipromo rootkit can be completely removed using the Navilog1 tool. A tutorial on using the Navilog1 tool to remove Navipromo can be found on the CastleCops Wiki.