The fodhelper binary can be abused to gain an admin shell on Windows boxes with a couple of registry key changes. They key (heh) here is to use the CurVer registry key to point fodhelper.exe to a different registry location; otherwise most AV solutions will catch this change and block it (though sometimes the command will still execute).