@ Nel
I was freaking out when the native explorer was being killed, and that too with DEP (Data Execution Prevention) kicking in.
So did a sigverif for all DLL files, and ther files and found nothing.
The on closer observation, I saw that once the native explorer is killed, a New session of the Hooked Explorer is invoked with a small Windows Script window appearing at the top ltst corner giving the path as C:\Recycle\X*****, so i took a chance and browsed the folder thru COmmand Prompt, ran attrib -h -s -r to force remove the Hidden Attributes, ran command dir, found the file and uploaded it to the Symantec system, and deleted it.
The only giveaway was the Windows Script pop-up that gave the path, else I'd not have been able to find the trojan.
@ Vikram - The affected test systems are used only by me, so no USB drives are allowed on them :D, and I did try to check the logs and all but came up with nothing. I think it might be coming as a Flash Addon ActiveX component, I'll check this and post if I find anything new.