This is really odd!
Logically, if you're behind a routing type device, when you run the GRC ShieldsUp test, they are basically sending a series of pings to ports of your publicly assigned address. This public IP is assigned to you by your ISP and is attached to the outward facing side of your router device. When you run the GRC test, your request contains your public IP address, as your private IP address (the 192.168.X.X one) is non-routable.
When the GRC server starts the test, the only IP address it knows about, in relation to you, is the public one, which is your router, not your PC. Consequently, the results reflect the answers GRC received from your modem, not from your PC.
I can't explain why you're getting different results when trialling different modes of CFP, as CFP cannot alter the configuration of your modem and the GRC tests never actually get to your software firewall (unless you have specifically forwarded ports).
Odd. I'll keep my eye on this thread.