So this morning I tried looking for clues in MS System Information. And there in Software Environment > System Hooks I found it: a certain "Windows Procedure" tagged to ctlj.dll in the Windows\System directory. Hmm. I went looking for this dll in Win Explorer, but it didn't show - and I have it set to display all hidden and system files. Hmm again.
Went into MS DOS prompt, navigated to C:\ Windows\System and did a dir ct*.* Sure enough it showed up -- ctlj.dll. I tried to copy the file to a different folder to analyze it, but it wouldn't copy - lock violation.
I exited, and rebooted into DOS command prompt safe mode. This time the file copied over fine. Then I renamed the original to ctlj.wha and booted into Windows Safe Mode.
While booting into safe mode, Windows complained about not finding ctlj.dll (aha!) but when I clicked OK on the dialog it finished booting anyway. I examined ctlj.dll in the test folder, and found it had a date of 6/04/04 time 3:02pm. No version number. Ran Adaware on it (I always make sure Adaware scans every file in \Windows, \Program Files, \My Documents anyway) and it - as well as the renamed version in the system folder - was identified as CWS. Bingo.
I deleted the version in \Windows\System and renamed the one in the test folder. (I'm holding on to it in case it has more clues inside.) Rebooted normally. No complaints from Windows this time. Everything working as it should. No hijack so far.
I think I nailed it.
EDIT: I've put together a step-by-step compliation of the above so you can do the same thing on your system (Windows 98).
Here Is A Fix For Windows 98
Best of luck.
Edited by BobO, 28 June 2004 - 09:08 PM.