I assure you that if someone successfully uploaded a php shell, as if referenced in that other thread, that what you are describing would not be the worst of your troubles.
In other words, azaozz, it's really poor form to point people to THAT thread without knowing the facts -- even IF youre just asking a question.
Nothing you've described suggests a hacker, clivesgt, but since you had an older version exploited did you make SURE upon upgrading that all and any passwords were updated/changed as well? Did you make sure that you have no unknown users with administration access?
Have you tested clean install of WordPress, perhaps in a sub directory, to see if what you are seeing is duplicatable? If it is, and you see it in a fresh install with a clean database, then the problem is with you, your browser, or your hosting set up.