How to know which program is connecting to domainmanager.com by IP?

Discussion in 'LnS English Forum' started by Memory, May 27, 2010.

Thread Status:
Not open for further replies.
  1. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    I know this is a looknstop forum, but maybe at this point it may be worth uninstalling looknstop for the time being and installing something like outpost firewall, which has much better logging capabilities plus the ability to block those domains with web filtering. You could try the 30-day trial pro version and see if it can give more insight.
    ellison
     
  2. sparviero

    sparviero Registered Member

    Joined:
    Apr 23, 2009
    Posts:
    88
    Ok, looks like you now are playing with “Direct Access”, then you will need to be sure to delete the previously acquired WPAD script and resolved WPAD name.

    The easiest way to accomplish this is to execute the following steps:
    Clear the browser cache completely: ActiveX Controls, Cookies, History, etc.
    Close all instances of browser.
    Delete all WPAD script instances.
    Open a command window as administrator and type the following command:
    del \wpad.*.*.dat /s
    del \wpad*.dat /s
    del \proxy*.pac /s
    del \*.pac /s

    Clear the DNS and Netbios name caches.
    Open a command window as administrator and type the following commands:
    ipconfig /flushdns
    nbtstat -R

    You should now have a clean starting point for testing changes.
     
    Last edited: Jun 2, 2010
  3. Memory

    Memory Guest

    @ellison64:
    LnS is blocking the connects that show up in the Log window.
    It is only when I disable IPv6 completely, I suspect (so I'm not sure) that the program/process which connects switches to regular TCP connects and succeeds. But I'm a WireShark noob. And according to the docs, the red colour marks problem packets (out of order, chopped off, etc.). So maybe I'm still protected by noobie luck.

    @sparviero:
    I'm prepared to do what you suggest because it has been very useful advice you've given to me. I'm going to get rid of the problem with a secure erase later, and then restoring the full backup I made, just after installing Windows 7. That backup contains only the fresh OS, nothing else, and should be clean.

    But right now, I'd really like to discover which program/process/service is causing the connects to these shared hosting IPs with cr.p/smut sites.
    I need to know if my PC was turned into a sleeping terrorist cell (ready to be woken up) or not.
    I also emailed my ISP today to ask for the traffic logs from the period I was on holiday. But they'll probably not (be able to) oblige. If they keep their logs for that long anyway.
     
    Last edited by a moderator: Jun 2, 2010
  4. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    I would still try outpost as it probably has the best logging system of any firewall. Uninstall looknstop (you can keep registry entries for licensing and rules for reinstallation by unticking the box on the uninstalling screen later) and try the trial version of outpost pro. I think you'll benefit from the more in-depth logging, which may show what is trying to connect.
    ellison
     
  5. sparviero

    sparviero Registered Member

    Joined:
    Apr 23, 2009
    Posts:
    88
    What the heck is this WPAD thing?

    All major browsers currently support this feature. Only Opera (Windows) doesn't support the WPAD protocol.
    Note that many installed applications on Windows follow IE proxy settings by default, so which program/process/service is causing the connects? Maybe you could find this with another firewall, but certainly not with outpost, as suggested. ;)
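
Added example, not part of the thread or any poster's code: one way to answer the thread's question without changing firewalls is to join the output of the Windows commands `netstat -ano` and `tasklist /svc /fo csv` on PID and filter by the remote IPs seen in the firewall log. The sample output, addresses, PIDs and process names below are constructed for illustration; the function names are hypothetical.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (documentation address ranges).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49210     203.0.113.25:80        SYN_SENT        1288
  TCP    192.168.1.10:49211     198.51.100.7:443       ESTABLISHED     2460
  TCP    [2001:db8::10]:49215   [2001:db8::beef]:80    ESTABLISHED     1288
  UDP    0.0.0.0:5355           *:*                                    1044
"""

# Constructed sample of `tasklist /svc /fo csv` output (not data from the thread).
TASKLIST = '''"Image Name","PID","Services"
"svchost.exe","1044","Dnscache"
"svchost.exe","1288","WinHttpAutoProxySvc"
"firefox.exe","2460","N/A"
'''

def parse_netstat(text):
    """Yield (proto, remote_host, remote_port, state, pid) per connection row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue                          # banner, header, blank lines
        state = f[3] if len(f) == 5 else ""   # UDP rows have no State column
        host, _, port = f[2].rpartition(":")  # last colon separates the port
        # Drop IPv6 brackets and any %zone suffix so hosts compare cleanly.
        yield f[0], host.strip("[]").split("%")[0], port, state, int(f[-1])

def parse_tasklist(text):
    """Map PID -> (image name, hosted services) from CSV tasklist output."""
    rows = csv.DictReader(io.StringIO(text))
    return {int(r["PID"]): (r["Image Name"], r["Services"]) for r in rows}

def owners(netstat_text, tasklist_text, suspect_ips):
    """Return sorted (remote_ip, port, state, pid, image, services) for suspects."""
    procs = parse_tasklist(tasklist_text)
    hits = []
    for _proto, host, port, state, pid in parse_netstat(netstat_text):
        if host in suspect_ips:
            image, services = procs.get(pid, ("<exited>", ""))
            hits.append((host, port, state, pid, image, services))
    return sorted(hits)

if __name__ == "__main__":
    for hit in owners(NETSTAT, TASKLIST, {"203.0.113.25", "2001:db8::beef"}):
        print(hit)
```

Both command outputs should be captured in the same moment, because a short-lived process can exit between the two and its PID can be reused.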
     