Checked message tracking and noticed emails with abnormal(spam type) subjects being sent from domain users accounts. Some messages went to external email address and some others the sender and the reciepent were the same domain user. I checked the users sent items from their outlook profiles and those sent items were not there. I ran CA antivirus complete scan, nothing found, same with Symantec AV and panda online. Also scanned desktops. Nothing found. These email have been sent at random times, from several different users mailboxes and with different subjects. Cant figure out where they are originating.