diff --git a/mkpuzzles b/mkpuzzles index 13b88d9..e52aca9 100755 --- a/mkpuzzles +++ b/mkpuzzles @@ -43,7 +43,7 @@ EOF
- Team: + Team hash: Answer:
diff --git a/packages/forensics/10/index.html b/packages/forensics/10/index.html deleted file mode 100755 index 5b442e2..0000000 --- a/packages/forensics/10/index.html +++ /dev/null @@ -1,13 +0,0 @@ - -You have suspicions that a certain windows box has been infected by a Trojan. You have been given access to a memory image from this box.xp-laptop-2005-06-25.img Use the memory image to determine if the machine has been infected. -
-In order to answer the questions: -
- - Determine if the machine has been infected. -
- - If it has not been infected, list "no" as your answer. -
- - If it has been infected, list the process name of the Trojan -
-HINT: You know from googling that the Trojan uses the passWD.log file. - diff --git a/packages/forensics/10/key b/packages/forensics/10/key deleted file mode 100755 index 97d62ab..0000000 --- a/packages/forensics/10/key +++ /dev/null @@ -1 +0,0 @@ -lsass.exe diff --git a/packages/forensics/100/index.html b/packages/forensics/100/index.html deleted file mode 100755 index bd74257..0000000 --- a/packages/forensics/100/index.html +++ /dev/null @@ -1,2 +0,0 @@ -What is the method of attack? -image file \ No newline at end of file diff --git a/packages/forensics/100/key b/packages/forensics/100/key deleted file mode 100755 index 700252b..0000000 --- a/packages/forensics/100/key +++ /dev/null @@ -1 +0,0 @@ -dll injection diff --git a/packages/forensics/20/index.html b/packages/forensics/20/index.html deleted file mode 100755 index 94c6203..0000000 --- a/packages/forensics/20/index.html +++ /dev/null @@ -1,15 +0,0 @@ - - -You are currently employed as a SW engineer at KELCY INC. One of your clients has informed you that $10,000 has been deducted from their accounts from an authorized user. They have delivered a software image for you to investigate. Determine if the machine has been compromised. -
-In order to answer the questions: -
- - Determine if the machine has been compromised. -
- - If it has not been compromised, list "no" as your answer. -
- - If it has been compromised, list the file name (with its extension) being used by the malicious software -
-winxppro.vmem - - diff --git a/packages/forensics/20/key b/packages/forensics/20/key deleted file mode 100755 index 8c72a46..0000000 --- a/packages/forensics/20/key +++ /dev/null @@ -1 +0,0 @@ -klog.txt diff --git a/packages/forensics/200/index.html b/packages/forensics/200/index.html deleted file mode 100755 index e137f68..0000000 --- a/packages/forensics/200/index.html +++ /dev/null @@ -1,2 +0,0 @@ -What is the name of what was injected? -image file \ No newline at end of file diff --git a/packages/forensics/200/key b/packages/forensics/200/key deleted file mode 100755 index 2174d39..0000000 --- a/packages/forensics/200/key +++ /dev/null @@ -1 +0,0 @@ -winsecur.dll diff --git a/packages/forensics/250/index.html b/packages/forensics/250/index.html deleted file mode 100755 index 9937b0b..0000000 --- a/packages/forensics/250/index.html +++ /dev/null @@ -1,10 +0,0 @@ -SA Dumas from the Albuquerque FBI Cyber Squad has alerted you that Antoniette Balls (Iranian postdoc with a username of "aballs@tipmeover.org") working at the lab has been in contact with Iranian Jihad organization. Find the code that she is transmitting to the Iranian Jihad Organization. -AD database -
-
-To: Help Desk, -Subject: Here is the .dit file for the domain controller as requested. Let me know if you need anything else. - -Ask for Gary: -505.452.6718 -505.280.8668 \ No newline at end of file diff --git a/packages/forensics/250/key b/packages/forensics/250/key deleted file mode 100755 index 420b18f..0000000 --- a/packages/forensics/250/key +++ /dev/null @@ -1 +0,0 @@ -Dirka Dirka diff --git a/packages/forensics/400/index.html b/packages/forensics/400/index.html deleted file mode 100755 index 39c5b98..0000000 --- a/packages/forensics/400/index.html +++ /dev/null @@ -1,12 +0,0 @@ - -Determine which file has been winrared in this archive. -
-
-In order to answer the questions: -
- - List the file name (including extension) of the file that has been winrared -
-image file -rar file - - diff --git a/packages/forensics/400/key b/packages/forensics/400/key deleted file mode 100755 index 9ab5189..0000000 --- a/packages/forensics/400/key +++ /dev/null @@ -1 +0,0 @@ -avatar.txt diff --git a/packages/forensics/50/index.html b/packages/forensics/50/index.html deleted file mode 100755 index a79d0e8..0000000 --- a/packages/forensics/50/index.html +++ /dev/null @@ -1,11 +0,0 @@ - -You know that a machine has been comprimised. There is a malicious piece of software that logs all key strokes from a computer's keyboard. Find the driver associated with the malicious piece of software. -
-
-In order to answer the questions: -
- - List the driver name with its full path -
-winxppro.vmem - - diff --git a/packages/forensics/50/key b/packages/forensics/50/key deleted file mode 100755 index d4e3038..0000000 --- a/packages/forensics/50/key +++ /dev/null @@ -1 +0,0 @@ -C:\WINDOWS\system32\klog.sys diff --git a/packages/forensics/forensics.mk b/packages/forensics/forensics.mk deleted file mode 100644 index 1a83f2e..0000000 --- a/packages/forensics/forensics.mk +++ /dev/null @@ -1 +0,0 @@ -$(eval $(call STANDARD_PUZZLE, forensics)) diff --git a/packages/ircd/service/ircd/run b/packages/ircd/service/ircd/run index 526bc8c..b10a66d 100755 --- a/packages/ircd/service/ircd/run +++ b/packages/ircd/service/ircd/run @@ -1,4 +1,4 @@ #! /bin/sh exec 2>&1 -exec /opt/ngircd/bin/ngircd --config ./ngircd.conf --nodaemon +exec /opt/ircd/bin/ngircd --config ./ngircd.conf --nodaemon
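Review bot: In the mkpuzzles hunk at -43,7 the label changes from "Team:" to "Team hash:", but the visible lines show no matching change to whatever reads the submitted value. Please confirm the code that processes the form expects a hash rather than a team name in this field, and consider adding a short hint in the form telling a team where to find its hash.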
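Review bot: The deleted packages/forensics/*/key files hold the answers in plaintext (the 10, 20 and 50 keys among them), and 250/index.html carries two phone numbers; removing them in this commit still leaves all of it readable in the repository history. If these puzzles may be reused, or the repository is ever shared with players, the answers need rotating or the history needs rewriting. Since forensics.mk and its STANDARD_PUZZLE call are removed here as well, please check that nothing else in the build still names the forensics category, and say in the commit message why the category is being dropped.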
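Review bot: In packages/ircd/service/ircd/run the exec path moves from /opt/ngircd/bin/ngircd to /opt/ircd/bin/ngircd, but no hunk in this patch changes where the package installs the binary. If the install prefix is not updated in the same commit, the exec fails and the service will not start, so please include the build change or reference the commit that made it. This change is also unrelated to the forensics removal and the mkpuzzles label, and would be easier to review and revert as its own commit.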