Probably not going to be in time but I found a site
that claims it's two files:
The tricky part is it is run by the shell value in HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. This should normally be: explorer.exe
It also has an entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run which runs thinkpoint.exe
Windows won't mind if you delete thinkpoint.exe. Probably an error message after logon but if you delete hotfix.exe you probably won't have a desktop.
Since it's win98 this should be easy to fix. Boot into DOS (Edit \autoexec.bat and put a REM or # in front of win then save and reboot. To get back into windows just type win and you should be able to edit autoexec.bat again.)
and then locate the two files and then copy the explorer.exe onto them.
cd %UserProfile%\Application Data
(make sure you see the bad guys)
copy \windows\explorer.exe hotfix.exe
copy \windows\explorer.exe thinkpoint.exe
I would think Hijackthis should see and let you fix fix both registry entries but you may need to find an older version to get it to work with 98.