What router do you have?
I think in previous cases like this, it was due a device within the LAN opening the ports for itself using UPnP.

I am using a Zyxel VMG8324-B10A router.
Everything is 'locked down' including NOT having PNP enabled.
The Shields Up scan should not get past the router, therefore the configuration of the PC should not matter.
I have the Router Firewall set to report any intrusions and when I run the 'All ports' scan nothing passes the router BUT some ports are reported as closed.
The issue is at the Plusnet side where some ports are not being stealthed.
The PC I am using is the same I was using on Be then SKY and I could get a Totally Stealthed scan on GRC/Shields UP.
Update:
======
I have just re-run the scan and got a 100% stealthed result.
The difference is that my PPP address has changed.
The address when the scan gave some closed ports NOT 100% stealthed ports was 80.189.144.151 (151.144.189.80.dyn.plus.net as reported by GRC)
The address now which is fully 100% stealthed is 46.208.47.177 (177.47.208.46.dyn.plus.net as reported by GRC)
It looks like there is a configuration difference between gateways or whatever.

stealthed vs closed are just two different ways to block traffic, closed is considered the polite way to do it, as with stealth the client on the other end has to wait for a timeout.
stealth has the advantage it will slow down scanners and maybe use less resources (since no reply sent), but thats about it really.

What you wrote I know already.
It is the non-polite scanners/hackers etc that I am trying to confound.  
The issue is that closed ports confirm the existence of an address that maps/leads to a real device (PC, Server, Router, etc)
Once you have an address that is confirmed real you can do what ever you want reassured that the target is possibly worth the effort.
If all ports are stealthed a simple scan cannot confirm if you are a device worth targeting.
The scanners/hackers have the option to attack any address BUT aiming at random addresses that may NOT be anything at all does not make sense.
Particularly, when there are many thousands of insecure devices connected to the internet, shouting 'Here I am' ! ! !
For no cost to me, it is simply an extra level of protection from the people that generate lists of possible targets for further efforts.
I am not a target worth aiming at, but that does not mean that I should paint a 'Bullseye on my back' to make it easier for someone to waste their time and mine.
adie:quote

To be honest, the GRC thing about stealth is a bit of a mistruth.  If an ip doesnt respond on any ports its not going to change how a script/attacker will approach the ip.  Plus if you want to pretend you dont exist on the net then turn off your router as browsing sites, doing dns lookups etc. exposes your ip. Aiming at random address's is actually what most scanners do.