Netstat reports what is currently bound to the IP stack. If IIS is running, and is configured to listen for HTTP requests, it should open port 80, even if a firewall is blocking the connection (I believe).
I am not IIS literate, I always run Apache under Linux, so I really can't help you with IIS, other than to tell you that nearly everything points to a configuration issue with IIS. But generally it is not safe to query a program about its state as a reliable method of verification. Programmers always take short cuts because it is hard to actually verify everything. That is why I had you run netstat. It doesn't know about applications, but it knows how to read the stack bindings. No stack bindings, no communications.
A hard boot is actually powering the machine off, and powering it back on, vice rebooting it. Memory is initialized when a hard boot is performed, it is not when a soft boot (reboot) is performed. For most modern OSs there doesn't seem to be much of a difference. In the old days, it would mean the difference between a program restarting and not.
The fact that you are getting 'stealth' at grc.com does mean something, and it is one pointer that indicates that the problem could be something other than IIS. Normally when a port is closed the OS will respond with a NAK to a connection request. With a firewall, you can have the request dropped, rather than responding with the NAK. The dropped request is what grc calls a 'stealth' port.
Is it possible that someone restarted IIS and when McAffee asked if IIS should be able to talk to the net, they pushed the "Never" button? I'm assuming that you have the McAffee firewall product installed. It is where I would check next. I'd also double check the firewall in the broadband router, just in case.
You should attempt to run ethereal on the IIS machine and see what is actually happening when requests come from the Internet. Are the connection requests actually arriving at your host? I suspect that the answer is yes, the packets are arriving, and that you are not responding with either a SYN/ACK (continue the connection process) or NAK (no connections allowed).