Hi,
Yes, if I turn off the PnP service I get a clean result.
I can't give you a direct link to the GRC test because of the way the website functions. You need to do the following:
1) point your browser at https://www.grc.com
2) go to the "services" menu
3) click on "shields up!"
4) click the "proceed" button in the middle of the page
4) when the page loads you will see the uPnP clickable hot-spot in the middle of the page
For Rapid7 you can use this direct link:
http://upnp-check.rapid7.com/
I think it was the researchers at rapid 7 that first published widely on this vulnerability after work done in the second half of 2012.
Cheers,
NB