My website was hacked – gzbase64 tools.php

  • #4337
    Young Master
    Participant

    This morning while I was logging into my website account I found out there was an empty folder in the root directory of my website. Then later I received an e-mail from the website informing me that there were code injections as shown below.

    FILE HIT LIST:

    {HEX}gzbase64.inject.unclassed.17 : /home/xxxxx/public_html/wp-content/plugins/bulletproof-security/admin/tools/tools.php
    {HEX}gzbase64.inject.unclassed.14 : /home/xxxxx/public_html/wp-content/plugins/bulletproof-security/admin/tools/tools.php

    How is this possible if my website is protected by BPS?

    #4339
    AITpro Admin
    Keymaster

    UPDATE:
    As of BPS Pro 9.6 the Pro-Tools Base64 Decoder / Encoder tools were moved to their own individual pages and can be deleted individually from Pro-Tools. See this Forum link for full details:  http://forum.ait-pro.com/forums/topic/scanner-detects-malicious-code-or-infected-files-in-bps-pro-pro-tools/

    Not sure about the empty folder.  I assume your Host did this for some reason.  The File Hit List is your Server’s scanner seeing the BulletProof Security Pro tools.php legitimate file and code as malicious.  It is not malicious of course so you need to contact your Host and have them whitelist the bulletproof security plugin folder or just the tools.php file.

    Some Web Hosts will do a range of things from quarantining to deleting the Pro-Tools Base64 Decoder – tools.php file.  Most scanners are only capable of looking for very general things and cannot really tell the difference between good code or bad code.  In this case the Scanner is seeing standard PHP functions that are not used maliciously or have a malicious purpose.  That is one of the reasons I do not bother with scanners.  Eventually I will add a Scanner to BPS Pro, but it will have the disclaimer that false alarms/false flags are a standard occurrence with any scanner.
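
Added example, not part of the original posts and not BPS Pro or hosting-scanner code: a small Python triage sketch showing why a rule keyed only on the `gzinflate(base64_decode(` function names fires on a decoder utility, while a rule that also requires an execution sink around a long hard-coded literal does not. Both rules and both PHP samples are constructed assumptions for illustration.

```python
import re

# Assumed, simplified name-only rule: fires on any file chaining the two functions.
NAME_ONLY = re.compile(r"gzinflate\s*\(.*?base64_decode\s*\(", re.I | re.S)

# Context-aware rule: eval/assert wrapped directly around the decode chain,
# applied to a long hard-coded base64 literal (64+ characters).
EXEC_CHAIN = re.compile(
    r"\b(?:eval|assert)\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*"
    r"(['\"])[A-Za-z0-9+/=]{64,}\1",
    re.I,
)

# Constructed sample: a decoder utility that decodes submitted text and displays it.
DECODER_TOOL = """<?php
$decoded = gzinflate(base64_decode($_POST['encoded_text']));
echo htmlspecialchars($decoded);
"""

# Constructed sample of the obfuscation shape; the literal is a harmless placeholder.
PLACEHOLDER = "QUJD" * 20  # base64 of "ABC" repeated, not a real payload
OBFUSCATED = "<?php eval(gzinflate(base64_decode('" + PLACEHOLDER + "')));"


def name_only_hit(php_source):
    """True when the name-only rule would flag the file."""
    return NAME_ONLY.search(php_source) is not None


def classify(php_source):
    """Return 'exec-of-embedded-blob', 'decode-functions-only', or 'clean'."""
    if EXEC_CHAIN.search(php_source):
        return "exec-of-embedded-blob"
    if name_only_hit(php_source):
        return "decode-functions-only"
    return "clean"


if __name__ == "__main__":
    for label, src in (("decoder tool", DECODER_TOOL), ("obfuscated", OBFUSCATED)):
        print(label, "| name-only hit:", name_only_hit(src), "|", classify(src))
```

A `decode-functions-only` result still warrants comparing the flagged file against a fresh copy of the plugin before asking the host to whitelist it.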

    #4347
    Young Master
    Participant

    Well understood. About that folder, I think I know where it's coming from. In my account today I found out a subdomain was created with a domain which is not mine, i.e. my domain is mydomain.com but the subdomain created was subdomain.mydomain1.com. Now I am trying to delete that subdomain but it cannot be deleted because it doesn't exist for the user xxxx. I checked for FTP user accounts but there was only my FTP account.
