the sites that your friend have visited is using or linked to third-party sites which is very common. The sniffer feature of the said program is simply doing what it have to do: to sniff any connections (third-party or not).
To verify, please ask your friend to close 'Net Transporter' then install Fiddler2 (beta) then let her visit the sites and see if Fiddler will record the same third-party sites.
I'm in rather urgent need of some advice. A friend uses the software 'Net Transporter' (http://www.xi-soft.com/default.htm) to download copies of radio shows broadcast online in the RA format. I don't have any experience with how this software works, only what I have seen in trying to help him with this issue, so please forgive me for being a little vague.
The software has a 'URL sniffer' function which lists links of websites visited and any with downloadable RA files pop up as a link on the list. The user can then save the file to their HD. For some reason, the list is being populated by websites the user has not visited, especially when the program is left running over night. The sites are mostly facebook/myspace pages and are usually band/tv show related. The content all seems like it is of an American origin (it is all fairly obscure stuff).
I have no idea how this information is showing up on the sniffer list and whether it suggests a) someone is using his internet by proxy? (his router is passworded and he lives in a very remote area with only one house in range anyway) b) whether he is somehow picking up info from someone elses browser or c) it is somethign else I haven't thought of. My main fear is the potential security issues, with all his financial data being placed at risk, and also that his connection, which has always been fairly slow, is being hijacked in some form which is reducing his bandwidth.
As I said, please forgive the vagueness of this post, I wish I could offer more information. Any suggestions as to the severity and cause of this would be very much appreciated!