win32.hacktool.toolevld was found by adaware but not Avast, it could be that adaware has a false positive as my computer has been clean for a while, I cleaned (deleted) it with adaware so I'm unable to send it for analysis, dont know whether this info would be useful to the Alwil team
EDIT: just read lavasoft message boards and it appears that they and some others have categorised it as malicious although the program was actually to enable more tcp/ip connections on XP computers, they are currently debating whether it should be classified as malware or not