First - Please 'modify' your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.
Your customer report that the alert is on the hXXp://ce.northcarolinamountainsbackpacking.com/in.cgi?2 link so that is out of your control, it is that site that is infected. But you have to find the script reference to hXXp://ce.northcarolinamountainsbackpacking.com/in.cgi?2 and remove it until you are sure that site has cleaned up its house (assuming that it is legit to have that link on your site).
The hXXp://melbournedollmarket.net/images/play.png file isn't found (so you get a custom 404 page, site under maintenance), are there any references on your site to this file ?
If so check it as it is possible that this file could be hacked to point to the ce.northcarolinamountainsbackpacking.com site.
It is possible for a hack to insert a file and references to it and this has happened it isan indication the site has been hacked. This is usually down to content management software being vulnerable and exploited. So if you are using Jumla, Wordpress, PHP, etc. you need to ensure the versiom is up to date.
I have visited the hXXp://deluxe.flashsuperheroes.com/ page and no alerts, there is however no cross site link/script to the hXXp://ce.northcarolinamountainsbackpacking.com site.