> Kinda looks like something named 'dhttpd' is running and listening on
> port 80, no?
>
> try a quick 'ps -aux' and 'locate dhttpd' and see if it leaks juicy
> bits.

According to http://packages.debian.org/stable/web/dhttpd.html:

Package: dhttpd 1.02a-5

Minimal secure webserver. No cgi-bin support!

As it doesn't run external programs, this webserver cannot be easily
hacked. Does not need a permanent IP Address. Memory efficient. Low
profile. Quick. Just transfers files. Can be run from a user account on
high ports. No configuration necessary. It just works.

'apt-get remove dhttpd' should remove it.

- Bob