OT: 180Search ADWARE Removal tips


JAque
10-08-2004, 02:46 AM
Today, I got hit by this nasty ADWARE that none of the standard removal tools was able to handle. 180Search is a Comparison Alternative Shopping Engine developed by 180Solutions. It appears to be installed via an ActiveX drive-by download or bundled with several file sharing programs and a few others. It will cause pop-up advertisements, can add shortcut items to the Startup or Desktop, and update itself.
As I was browsing 2+2 today, I noticed a PartyPoker adv window opened every time.

I was able to remove it manually, but most of the help available on the web has old information as far as the name of the executable. The critter hides as described below in the registry with a new name, saab.exe.
There is also a folder with the word “search” in the installation area.

How do I Remove NCase/180search?
1) Because several files may be in use currently when NCase has infected your system, you should first start Windows in Safe Mode, generally by pressing F8 when the computer restarts and choosing Safe Mode from the list of choices.
2) Remove the Startup Entry in the Registry
• Click on Start, Run, type REGEDIT and click OK
• Click the pluses (+) next to the following items
    o HKEY_LOCAL_MACHINE
    o Software
    o Microsoft
    o Windows
    o CurrentVersion
    o Run
• Right-click on the file MSBB and click DELETE
• Check for any randomly named entries pointing to an EXE file of the same name in the Windows directory (this can be part of the NCASE infection as well)
• Click the pluses (+) next to the following items
    o HKEY_LOCAL_MACHINE
    o Software
    o Microsoft
    o Windows
    o CurrentVersion
    o Uninstall
• Right-click and delete the following folders
    o nCase
    o msbb
• Click the pluses (+) next to the following items
    o HKEY_Current_User
    o Software
• Right-click and delete the folder called 180solutions

Standard WARNING: As usual, back up your registry before doing this.


JAQue
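
The Run-key check from step 2, as an added example that is not part of the original post: it parses the text output of `reg query` for the Run key and flags the `MSBB` value plus any value whose name matches an EXE of the same name in the Windows directory. The sample output is constructed, the function names are hypothetical, and a flagged entry is a candidate for manual review rather than proof of infection.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of the output of:
#   reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    MSBB    REG_SZ    C:\WINDOWS\msbb.exe
    saab    REG_SZ    "C:\WINDOWS\saab.exe" /startup
    SoundMan    REG_SZ    SOUNDMAN.EXE
    AVUpdater    REG_SZ    "C:\Program Files\ExampleAV\update.exe" /quiet
"""

# reg query prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def exe_path(data):
    """Return the executable portion of a Run command line (arguments dropped)."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return m.group(1) if m else data

def audit_run_values(text, windir=r"C:\WINDOWS"):
    """Return (value name, reason) pairs worth reviewing by hand."""
    findings = []
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name = m["name"]
        path = PureWindowsPath(exe_path(m["data"]))
        if name.lower() == "msbb":
            findings.append((name, "value name listed in the removal steps"))
        elif (path.suffix.lower() == ".exe"
              and path.parent == PureWindowsPath(windir)  # case-insensitive compare
              and path.stem.lower() == name.lower()):
            findings.append((name, "value name equals EXE name in Windows directory"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_run_values(SAMPLE):
        print(f"{name}: {reason}")
```
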

TobDog
10-08-2004, 02:49 AM
I use your method to remove all kinds of Sh* off my startup not just spyware. Remember, when you open that folder, nothing you see there is anything your computer needs to run, and you can make a copy of it just in case you need something back running to play some rare porn files(kidding of course) but I learned a long time ago, many if not all file sharing programs are spam, spyware, hijacker, invites.

Blarg
10-08-2004, 04:00 AM
Thanks for the warning and the detailed help. This kind of thing is always good to be on the look-out for.

Any specific memory of how you might have gotten this thing on your system?

bonanz
10-08-2004, 04:10 AM
http://www.spywareinfo.com/~merijn/downloads.html

"hijack this" is very helpful for removing those nasty nasty spyware infections. It basically does what you did but it's easier for most people who are uncomfortable tinkering with their registries.

HesseJam
10-08-2004, 05:26 AM
Or go to www.komando.com (http://www.komando.com) (KimKomando radio show) and go to her shareware section. She has a solution for almost anything. It also lists the anti Hijacker and Spybot, which are really cool stuff.

JAque
10-08-2004, 08:18 AM
Comments for the previous posters:

"Hijack this" only works if you knew the name of the executable, which this company changes very often. The other tools Spybot, Adaware and a few others did not remove it. Most of the help on the web was for manual removal but the name of the file and folder keeps changing.

This program was installed when my son installed a cd player software.

JAque

BradleyT
10-08-2004, 10:57 AM
Yeah about 2 months ago at work a person got a "newer" version of 1800/Ncase and nothing would remove it and all the discussions I found were for removing older versions. It too was a drive-by download.

That [censored] is the nastiest malware out there and I hope they get fined millions by the new spyware laws.

sluttysteve
10-08-2004, 11:08 AM
You can also try downloading Bazooka Adware Scanner by Kephyr. It doesn't actually remove adware, but it has the best scan database I think and gives you instructions on what to remove from your registry and the name/location of the executable.