After Corina approached me regarding this I did a little research myself and think I have found roughly the same things that Danny had as well. This 204.177.92.193 ip in which you recieved the harmful code from is just one of several connections this person had around the world. It is indeed run by Lexitrans from KS, though I think the perp acted apart from the company owning this ip. I found a host of worms,spyware,addware at this ip addy.
Here is what I believe may have happened Ebus. Upon going to corina's webmaster page on ccbills side, there was a frame that pointed to a place on her site that did not exist. This triggered a redirect that sent you initially to homegrownvideo's front page. This is not malitious, we do this to steer traffic that is not going anywhere (404/401's) as many webmasters do on their servers. At this point you must have endured some exit traffic pop up's and then this hacker scrub made his move. He(bad guy) likely had a dialer spot that looked legit on the surface until he swapped out his page for a redirect that went to another redirect and so on. Eventually it led you to his unclean page that you posted originally.
Whatever the case is Ebus, this fellow is long gone. Once word came out of this he must have removed all redirects and flitted back into the shadows whence he came. CCbill resolved the missing page frame fairly quickly by my estimate. I can certainly appreciate the anger you felt upon being hit by this hacker. I hate these assholes to the core. Just know that we can be a source of help, but it becomes challanging when we are the source of your rancor.
I hope this helps you out some.
-N