MS haven't helped things by going 'straight from' the unsecured method to the UAC system, in which you tend to say "Yeah, I meant that" every time. Every time. You're checking the properties of the clock and click on the "change time" link (because, you know, having that functionality directly on the Date & Time window, with a handy cancel button and the close icon if you didn't mean it, was just so 'broken', that they had to separate it, right?) and UAC asks you to confirm that the Change Time window/program can be run...
Anyway, people tend to get so used to that that they always confirm it without reading it. Which puts you back at square one as if it were as it were originally.
Not saying it's a totally bad thing, but it causes problems. (Especially when you're doing a Windows Update, or something else official, and the UAC window actually hides behind the "35% done" installation window, and you didn't realise that for the last half hour it was awaiting your response on something that you'd have expected the semi-automated Windows Update process to have allowed to happen, seeing as you set the process off yourself.)
Haven't used Windows 7 enough to know if it's as bad. It seems to be either improved or at least made so much less visible, for the few dozens of hours of total use of it that I've actually had.
*nix installations tend to (noted exceptions aside, and of course habitually running as 'root', to be a lot better because they've been built that way from the ground up. And, it has to be said, used by more technical users who have a small inkling of how just the utilities they want to, and know[2] are safe can be given a sudo-type access, and most times even then not to 'root' but to something like the sqluser or webadmin pseudo-accounts or so...
Back to AVG, it'd be a heuristic match. Instructions along the lines of checking for a certain running executable and poking it is a feature common to a number of malwares. While most pre-existing malwares are now known by an actual signature of some kind (and can be named, even behind some metamorphic attempt to disguise, although the metamorphism is also commonly picked up, heuristically, in new stuff), this will pick up "gen/trojan-hijack.1234" or whatever name AVG gives this kind of thing. IIRC you can whitelist processes in AVG, which you could do if you were going to use it (like I had to in order to make an officially-sanctioned JohnTheRipper run, on a machine whose AV (correctly!) pointed out that it was a bit of a naughty program). And again, as others have said, if you're not going to use it then ignore its absence.
If you have a legitimate program, or are unsure but think that you're getting a false-positive, getting your AV vendor to have a look at the item being highlighted usually brings about either a personal or an added-to-all-updates 'exception' rule, once they confirm to their own satisfaction that it's a real and legitimate program. I remember once the company I was in had a new licence update for SAS (Statistical Analysis Software, and the crux of their business) where the licence-code somehow (somewhere down the line, in the extensive licence-protection system integrated with their product) managed to provoke Sophos's scanners (though only the Netware .NLM version, IIRC). We quickly got them to double-check the situation and provide an 'anti-signature' exception .IDE (their mini-update files) which resolved the situation (until the next major monthly update came about with a more permanently included exception, just like it included more permanent protections in place of the mini-updates that had already occured). Not sure if your use of AVG is via the free version or the fully paid-for one (which might affect exactly how quickly they want to support you on this) but if you had wanted to use it, I'm sure they'd do something similar for you.
But you don't. I'm really just spelling it out in case someone else does need to sort something out in order to use that. But, if I read it correctly, DFHack now works differently and doesn't trigger the same.
[2] YMMV.