Not sure if your firewall is capable of it, but my company ran into issues like this before and our firewalls can actually monitor traffic down to the MAC address of the offending PC, unfortunately there was no "easy" way to track down the system when you have about 200+, but what we did was block the IP...result....one upset user who couldn't get on the net for a few minutes, and the computer found to have a bunch of rootkits installed.
This user was in the communications department and they constantly get infected because they visit social network sites, ad the usual story "i dont know what happened" comes into play.... ooo the joys of IT
We use SonicWalls btw
CompTIA A+ Certified
MCTS - Microsoft Certified Technical Specialist - Server Virtualization
MCSA - Microsoft Certified System Administrator - Messaging
It wasn't me!...........okay it was but you have no right to assume!!