I'm seeing a BIG increase in port 445 scans, mostly from fairly "local addresses" too. This could be related to the RPC scans I think. In any case, it looks like something might be up.
This is from the link i posted up there:
In both of the attacks described above, a TCP session to port 135 is used to execute the attack. However, access to TCP ports 139 and 445 may also provide attack vectors and should be considered when applying mitigation strategies.