Are you saying that LanGuard presented those results to you?  Which scan in LanGuard were you performing?

Full Vulnerability Assesment

Did the scan return any other specifics?  I know that from my experience with LanGuard, it can be a bit misleading with some of the results.  It looks to me from what you posted, that there is a machine out on your network that has a port(s) opened that allows the traffic/vulnerability.  Do you have any of your workstations / servers performing routing?  Or do you perhaps have a misconfigured firewall device?

Almost all machines in domain have this vulnerability as per the scan from GFI as part of the PCI Scan

Ah...now that is familiar.  I would start to look at your domain machines and determine if they are running routing and remote access.  If you have an external firewall device, you can use GP to disable the workstation FW.  Are all your machines on the network patched up?  Although it does not sound like a patch issue, many security focused Microsoft patches can close those holes.

Like I said, start by taking a look at the relevant "services" running on one of the machines in question that deal with routing, etc...and rescan.

Also...it can be ok to have that vulnerability internally if you are protected in other ways.  Not all vulnerabilities reported by GFI are critical.  I went through my scan and had to turn off the parts that I know would fail due to configurations and my setup.

Nice David...thanks man, beat me to it  :)