I know that .java is ok, but couldn't find anything online about .pwd.lock, but it said: so I assume this is OK...
Next to what ScottSmith already said, a short explanation. In short: don't assume but make certain.
Filenames that start with a dot are not listed by default and show up if you use 'ls' "-a" switch. Because of that these filenames are (still) considered suspicious. If files are part of a package it is easiest to verify using your distro's package manager. If they are not part of a package you will have to get info with 'stat' to see ownership, access permissions and modification and access times and 'file' to get an idea of the contents. If it appears to be text visual inspection is the easiest way to get a clue, else if it's data try use 'strings'.
Besides that RKH 1.2.9 comes with an offline copy of the FAQ which should help you find out more.
One side-note, it said that Apache wasn't found... I guess rkhunter doesn't support Apache2 yet?
RKH does support Apache2. You're probably (since you didn't post it) pointing towards a glitch that's fixed in CVS. If you can spare the time do me a favour and run the CVS version. Please notice the project was here: http://sourceforge.net/projects/rkhunter
a long time ago and is not anymore at http://www.rootkit.nl/
which is dusty, deprecated and dead as far as I'm concerned. Anything pointing to it should be updated or have the link removed.
The version check could be fixed like ScottSmith already said by running --update unless nobody in the community notified us versions changed.
I too was getting strange error messages from rkhunter
If there are any that werent fixed let me know, OK?