diff --git a/tools/ps_analyze.sh b/tools/ps_analyze.sh
index 267df774819e39e19e9ef5ddffc6d86d9d13f84c..5087e96f625c54ed2d291297016c8b0115157f57 100755
--- a/tools/ps_analyze.sh
+++ b/tools/ps_analyze.sh
@@ -892,11 +892,11 @@ perform_step fast_annot meds_static $PEASOUP_HOME/tools/fast_annot.sh
 # @todo: 2nd arg is the benchmark name but we're currently passing in
 #        the binary in
 # 
-perform_step sfuzz none $PEASOUP_HOME/tools/do_sfuzz.sh $newname.ncexe $orig_exe crash.cso
+perform_step sfuzz none $PEASOUP_HOME/tools/do_sfuzz.sh $newname.ncexe $orig_exe crash.sfuzz.cso
 # if crash found, feed the cso file to the watch allocate step
-#if [ -f crash.cso  ]; then
-#	step_options_watch_allocate="$step_options_watch_allocate --warning_file=crash.cso"
-#fi
+if [ -f crash.sfuzz.cso  ]; then
+	step_options_watch_allocate="$step_options_watch_allocate --warning_file=crash.sfuzz.cso"
+fi
 
 #
 # cinderella: infer malloc and other libc functions
diff --git a/tools/ps_analyze_c2e.sh b/tools/ps_analyze_c2e.sh
index 757db84fb18d5e9fcdc742e73f072b2996f7b238..73c34d1c5520c3afdf84af3eb4ff29129f590acc 100755
--- a/tools/ps_analyze_c2e.sh
+++ b/tools/ps_analyze_c2e.sh
@@ -8,6 +8,3 @@ $PEASOUP_HOME/tools/ps_analyze.sh $* 	   	\
 	--step c2e=on \
 
 cgc2elf $2
-
-
-# appfw was working?
diff --git a/tools/ps_analyze_cgc.sh b/tools/ps_analyze_cgc.sh
index d782a36f4bdfde82e20001d211326b32fa42807e..37fecef8d69fb9c603f09a05d45d5dc316407f5e 100755
--- a/tools/ps_analyze_cgc.sh
+++ b/tools/ps_analyze_cgc.sh
@@ -16,26 +16,16 @@
 
 export FIX_CALLS_FIX_ALL_CALLS=1
 
-# by default simple fuzzing is on
-# but turn off sfuzz if warning file already specified on the command line
-#SFUZZ="on"
-SFUZZ="off"
-echo "$@" | grep "watch_allocate"  | grep "warning_file" &>/dev/null
-if [ $? -eq 0 ]; then
-	SFUZZ="off"
-	echo "Turning off simple fuzz as a warning_file has been specified for the watch_allocate step"
-fi
-
 $PEASOUP_HOME/tools/ps_analyze.sh $* 	\
 	--step spawner=off 		\
 	--step appfw=off 		\
 	--step find_strings=off 	\
 	--step preLoaded_ILR1=off	\
 	--step preLoaded_ILR2=off	\
-	--step sfuzz=$SFUZZ	\
+	--step sfuzz=on	\
 	--step cinderella=on	\
 	--step cgc_hlx=on	\
-	--step-option cgc_hlx:--do_malloc_padding=64 \
+	--step-option cgc_hlx:--do_malloc_padding=256 \
 	--step-option cgc_hlx:--shr_malloc_factor=5 \
 	--step-option cgc_hlx:--do_allocate_padding=4096 \
 	--step heaprand=off	\
diff --git a/tools/sfuzz/replay_seed_inputs.sh b/tools/sfuzz/replay_seed_inputs.sh
index 8445ee172786161a322c782872823657cfcca022..0e87ad8121388c21c380b9f7137f5f7abb8996c0 100755
--- a/tools/sfuzz/replay_seed_inputs.sh
+++ b/tools/sfuzz/replay_seed_inputs.sh
@@ -27,6 +27,7 @@ do
 			echo $eip >> $crash_eip_file			
 		fi
 
+                echo "EIP: $eip"
 	fi
 done