Oh, oh, oh. What a mess! I've never seen such a bad example of an analysis. You guys need to
read what's been written by the OP and not make assumptions about what it
might be.
The domain in the message is
sendmsg.jumpingcrab.com which is located in China with IP 60.10.1.118. Nothing to do with
jumpingcrab.com which has IP 70.39.97.226 Even a cursory Google search would have revealed that. But nobody appears to have bothered doing that.
The OP didn't have a 'bad firefox extension' (
shame on you for suggesting such a thing Essexboy), but a very sophisticated trojan installed which AVAST hasn't yet been able to detect. It's called Trojan.Upclicker and it hides its routines by linking them to a left mouse click. Since AV in general doesn't monitor the mouse, its activities are likely to remain undetected.
I suggest everyone who contributed to this thread read this FireEye article which I hope will serve to open your eyes a bit and not apply your "one-size-fits-all" attempt to try and solve every problem which appears on the horizon.
http://blog.fireeye.com/research/2012/12/dont-click-the-left-mouse-button-trojan-upclicker.html Bye-bye again for another year.