penders - 7:33 pm on Jul 6, 2011 (gmt 0)
There is no call to readme.php in the code that I have searched or the database. Where could it be calling from? I notice that after every legitimate page is called, a readme.php is called. So its being called internally.
It is not necessarily being called internally. Any external site could be making the (initial) request, and requesting the legitimate pages, and faking the referrer to make it look like it is being called internally. Once called the script could even be calling itself?!
Do you have a sessionbroker.php file? (This is outside of your document root - public html folder.) Is this a hacked file (which I suspect) or part of WordPress? Is the date/time of this file the same as readme.php?
I think Google will naturally reindex your site over time. You could check in Google's Webmaster Tools for any info.
Other cleanup... Well, they got in somehow, so you should change your passwords and update your WordPress installation as necessary.