I've investigated thoroughly. First I removed the DLL embedder, zipped a release candidate, and submitted to virustotal. Still detected same as before, so the cause wasn't the DLL embedder. Then I submitted all the DLLs and even the 7za.exe to virustotal and all came back clean. Only BiUpdateHelper.exe returned detections. So I proceeded to remove code from BiUpdateHelper and keep resubmitting to virustotal with a little less code in it each time. I needed to remove nearly everything before the detections went away.
This is good, because it indicates nothing is hijacking the programs I compile. The AV engines are simply false alarming based on heuristics. E.g. "this program is doing way too much registry access for its size", or something like that. I build enough programs that this isn't the first time AV engines have thrown up false positives on something I built. Usually the detections go away after some time (weeks / months).
So I decided to restore all the code and try removing bits and pieces again to see if I could identify one piece that was causing the false alarms. Most of the AV detections went away after removing all the performance data collection. This doesn't really surprise me, because in the course of performance data collection, lots of registry stuff gets done, web requests are made, and lots of details about the computer hardware is read. Even with this gone though, one more pesky AV engine thinks it found something.
I don't know what this last one is complaining about because I ended my investigation here. I can't start removing entire program features just to satisfy the fleeting whims of AV engines. We'll just have to live with the detections until they go away on their own.