For a variety of reasons (malware and bugs mostly) I need to find and kill jobs entered into launchd. Removing them is easy, and I can also indirectly figure out what executable they are starting, (by looking up the active PID in ps) but I haven't found a good way to locate what is submitting the job in the first place.
A lot of this crap is in /Library/LaunchAgents, but anything can submit a job to launchctl, in a different context (directory) or even without using a plist at all. Does anyone know of a good way to find what loaded the job into launchd to begin with? I've noticed that things like symantec and mackeeper run multiple daemons that watch eachother and watch launchd and just keep re-adding their jobs if you remove them, until you find the process that is playing whack-a-mole with you and kill it. (and I know in the windows malware world, there is often a number of processes all watching eachother to make stopping them all difficult)
