Remove spyware (PCUpgradeNow.com) from Safari - Snow Leopard

No malware that has ever been found on any Mac could behave in the way you describe. If the facts are all as you've stated, then the problem is in the network, not in your computer. However, if you think otherwise, see below.

Back up all data to at least two different storage devices, if you haven't already done so. One backup is not enough to be safe. The backups can be made with Time Machine or with Disk Utility. Preferably both.

Erase and install OS X. [You will boot from your Snow Leopard installation disc, not from Recovery.] This operation will destroy all data on the startup volume, so you had be better be sure of the backups. If you upgraded from an older version of OS X, you'll need the Apple ID and password that you used, so make a note of those before you begin.

When you restart, you'll be prompted to go through the initial setup process in Setup Assistant. That’s when you transfer the data from a backup.

Select only users and Computer & Network Settings in the Setup Assistant dialog—not Applications or Other files and folders. Don't transfer the Guest account, if it was enabled.

After that, run Software Update.

If the problem is resolved after the clean installation, reinstall third-party software selectively. I can only suggest general guidelines. Self-contained applications that install into the Applications folder by drag-and-drop or download from the App Store are usually safe. Anything that comes packaged as an installer or that prompts for an administrator password is suspect, and you must test thoroughly after reinstalling each such item to make sure you haven't restored the problem.

Before installing any software, ask yourself the question: "Am I sure I know how to uninstall this without having to wipe the volume again?" If the answer is "no," stop.

Never install any third-party software unless you know how to uninstall it.

I have Snow Leopard -- In Safari preferences where is your home page going to?

I have Safari set to open windows with a blank page rather than the home page.

My home page is internet carrier and I only go there after I check there web mail site for items in question.

IF you are not running WIndows on Mac - pc virus would not hurt you - but it is something depending on where it comes from you can sent off to your friends.

Forgot to add - I also do not allow Safari any plugins and I do not allow Java, Plug-In's, and extensions.

My firewall blocks everything, and I am not on a network so I do not share anything.

Did notice that the Safari updates in Snow Leopard had a tendency to change some of the settings so would go through preferences and change them back to what I wanted after update.

Also noticed when looking at a printer driver setup from 2 years ago - it defaulted to share - although my other setups have no share so took it off.

To keep myself wildly secure - I also use INTEGO internet security software & their Washing Machine product. (to Linc Davis - I am describing what I use and how it runs for me.)

I am just wondering is it possible for malware to affect the motherboard or some other component as it still retained this popup, although it is a completely new drive?

No. This is a network issue. Perhaps your ISP is hijacking DNS queries to its own name server. Whatever it is, the cause is not to be found in your computer.