
Redundant ActiveX applications installed? (Thread 2)



Port_H
2007-10-12, 14:44
Hello. I recently upgraded my Java runtime environment to version 6 Update 3. During the installation process, I noted that my IP blocker PeerGuardian2 blocked HTTP content coming from IPs within the range called "Omniture[BargainBuddy]". At that time, I had PG2 configured to block only IPs from the Spyware list.
Now, when I open Spybot-SD and go to the Tools>ActiveX tab, I see 3 entries with the same name, Java Runtime Environment 1.6.0.

What bugs me is that only 2 of the 3 entries are classified as legitimate by Spybot-SD, even after updating Spybot-SD and restarting it. Here is an excerpt of the exported log file:


{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Programas\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24-09-2007 23:31:44
Date (last access): 12-10-2007 11:26:36
Date (last write): 25-09-2007 1:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Programas\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24-09-2007 23:31:44
Date (last access): 12-10-2007 11:26:36
Date (last write): 25-09-2007 1:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programas\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24-09-2007 23:31:44
Date (last access): 12-10-2007 11:26:36
Date (last write): 25-09-2007 1:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

So, my concrete question is: is the entry not classified as Legitimate by Spybot-SD in fact not legitimate (possible spyware), or is it expected to be there and should not be removed?
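
A way to triage an export like the one above, as an added example (not part of the thread and not Spybot-SD's own code): it parses the entries and, for each one that carries no classification, lists the classified entries that point at the same file by path, name and MD5. The field names follow the excerpt, the sample is abridged from it, and the function names are assumptions.

```python
import re

# Abridged from the export in the first post: only the fields the check uses.
SAMPLE_LOG = r"""
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
classification: Legitimate
Path: C:\Programas\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
MD5: D6A4682A6FF41832A3F1A7AB9AE08199

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
Path: C:\Programas\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
MD5: D6A4682A6FF41832A3F1A7AB9AE08199

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
classification: Legitimate
Path: C:\Programas\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
"""
HEADER = re.compile(r"^\{([0-9A-Fa-f-]{36})\}")

def parse_entries(text):
    """Split an export into one dict per CLSID block (keys: lower-cased field names)."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append({"clsid": m.group(1).upper()})
        elif entries and ":" in line:
            key, _, value = line.partition(":")
            entries[-1][key.strip().lower()] = value.strip()
    return entries

def file_key(e):
    """Identity of the file an entry points at; None when the log has no MD5 for it."""
    if not e.get("md5"):
        return None
    return (e.get("path", "") + e.get("long name", "")).lower(), e["md5"].upper()

def triage_unclassified(entries):
    """Map each unclassified CLSID to the classified CLSIDs that reference the same file."""
    classified = {}
    for e in entries:
        if e.get("classification") and file_key(e):
            classified.setdefault(file_key(e), []).append((e["clsid"], e["classification"]))
    return {e["clsid"]: classified.get(file_key(e), [])
            for e in entries if not e.get("classification")}
```

For this sample the unclassified CLSID maps to both classified entries, meaning all three registrations reference one and the same DLL. An empty list means the unclassified entry points at a file that no classified entry covers, so that file has to be checked on its own.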

Zenobia
2007-10-13, 07:16
You can usually look up ActiveX's at Castlecops, but the one not marked as legitimate in your Spybot ActiveX list isn't there yet. Must be too new.
http://www.castlecops.com/ActiveX.html
If an ActiveX isn't listed there, usually you can Google the numbers between the curly brackets along with the filename, so you can get some idea of whether it's legit or not.

I just installed version 6 Update 3 directly from http://www.java.com/en/ , and I know it's legit. I have a different Long name, etc., but the number in curly brackets is the same as yours. And while everything else isn't exactly the same as yours, I'd say it is close enough to say yours is very probably legitimate also.


{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: ssv.dll
Short name:
Date (created): 13/10/2007 12:08:22 AM
Date (last access): 24/09/2007 11:31:44 PM
Date (last write): 25/09/2007 1:11:34 AM
Filesize: 501136
Attributes: archive
MD5: D787E3123FAD2BD58AB45B9A5C360ACD
CRC32: DDC625C2
Version: 6.0.30.5


{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 11:31:44 PM
Date (last access): 24/09/2007 11:31:44 PM
Date (last write): 25/09/2007 1:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: ssv.dll
Short name:
Date (created): 13/10/2007 12:08:22 AM
Date (last access): 24/09/2007 11:31:44 PM
Date (last write): 25/09/2007 1:11:34 AM
Filesize: 501136
Attributes: archive
MD5: D787E3123FAD2BD58AB45B9A5C360ACD
CRC32: DDC625C2
Version: 6.0.30.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 11:31:44 PM
Date (last access): 24/09/2007 11:31:44 PM
Date (last write): 25/09/2007 1:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5