Troj/Goldun-GG Trojan installs the following files: (System)\acpiz.dll and (System)\acup.sys

The file acup.sys is detected as a component of Troj/Goldun-GG. The file acpiz.dll is detected as Mal/TinyDL-T.

Registry entries are created in the following location in order to run the Trojan on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acpiz

More information can be found at this Sophos page.