I'm fairly amazed, because dslstatssampling.exe doesn't do anything. It simply sits there for a maximum of 10 seconds while sampling proceeds. It acts as a marker which HG612_Modem_Stats can detect to avoid clashes between the two programs.
Presumably there's some sequence of bytes in the executable which corresponds with that particular item of malware.
At present it's a rather large executable to do so little, which is a consequence of the lazy way I wrote it. I'll have another look at it and slim it down, which hopefully will get rid of the false positive.