Too Many Errors in a New WordPress Installation

I’m having big trouble with a couple of sites that have been hacked MANY times. I’m trying everything, before recreating from scratch the sites (fortunately, they are only informative sites, easy to recreate).

I tried Exploit Scanner in a a fresh, new, empty (only 2 security plugins, and an coming soon plug in) site and the results from Exploit Scanner are just depressing…

“hashes-4.4.2.php missing
The file containing hashes of all WordPress core files appears to be missing; modified core files will no longer be detected and a lot more suspicious strings will be detected”

Then, 483 files are pointed as suspicious…. an example:

wp-admin/menu.php
Unknown file found in wp-includes/ or wp-admin/ directory.
wp-admin/user-edit.php
Unknown file found in wp-includes/ or wp-admin/ directory.

this plugin didnt work for me.