Sprint is another (lesser?) offender -- their mobile broadband injects a script in every page that loads compressed versions of images until told otherwise. (Annoying, but at least it's well-intentioned.) I've long since blocked the IP, but it gave me a bit of a scare to see unfamiliar code in my own websites.
