Does the Admin Kit happen to do scanning of the network using ports 139 and 445? I am getting reports of a couple of my "FILE SERVERS" scanning IP addresses of other computers in my company that reside in other parts of the world (SYN_SENT). My file servers have no business initiating connections; all traffic should be going into the server.
I've scanned these machines for spyware/adware/viruses and can find nothing. Also crawled through each directory looking for any files that don't look right. Nothing shows in Task Manager either. The only thing I can tell is that the "system" process is the one that is showing as being the culprit. However, it seems that if I shut down the admin kit service, I am no longer seeing any strange activity. I can't be 100%, but I've had the service shut down for about 30 minutes now and don't see any activity. I just turned it back on and the scans started again.
Can anyone verify this activity?
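
One way to make the service-stopped versus service-running comparison described above repeatable, as an added example that is not part of the original post: parse two `netstat -ano` snapshots and list the remote hosts that have SYN_SENT rows to ports 139/445, grouped by owning PID. The sample output, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output taken while the service runs
# (illustrative addresses only, not data from the post).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    10.1.1.20:445          10.1.1.57:50122        ESTABLISHED     4
  TCP    10.1.1.20:3389         10.1.1.9:51544         ESTABLISHED     1180
  TCP    10.1.1.20:2871         10.44.3.12:445         SYN_SENT        4
  TCP    10.1.1.20:2872         10.44.3.12:139         SYN_SENT        4
  TCP    10.1.1.20:2873         10.44.3.13:445         SYN_SENT        4
  TCP    10.1.1.20:2874         10.44.3.14:445         SYN_SENT        4
  UDP    10.1.1.20:137          *:*                                    4
"""

# Proto, local addr:port, remote addr:port, state, PID
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
SMB_PORTS = {139, 445}


def outbound_smb_attempts(netstat_text):
    """Return {pid: set(remote hosts)} for SYN_SENT rows aimed at 139/445.

    SYN_SENT means this machine initiated the connection and has no reply yet,
    so inbound client sessions to the file server's own port 445 are ignored.
    """
    by_pid = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP row, or blank line
        _laddr, _lport, raddr, rport, state, pid = m.groups()
        if state == "SYN_SENT" and int(rport) in SMB_PORTS:
            by_pid.setdefault(int(pid), set()).add(raddr)
    return by_pid


def hosts_only_while_running(running_text, stopped_text):
    """Remote hosts probed in the 'running' snapshot but not the 'stopped' one."""
    running = set().union(*outbound_smb_attempts(running_text).values())
    stopped = set().union(*outbound_smb_attempts(stopped_text).values())
    return running - stopped


if __name__ == "__main__":
    for pid, hosts in outbound_smb_attempts(SAMPLE).items():
        print(f"PID {pid}: {len(hosts)} remote host(s): {sorted(hosts)}")
```

Collecting several snapshots in each state, rather than one, makes the correlation with the service more convincing than a single 30-minute observation.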
