Here's my take on what's going on...although I'm definitely not a master-mind Your anti-virus is catching the infected PDF/EXE based on known signatures of the payload(s). If you use msfencode (or msfvenom with the appropriate options), you should be able to encode & slip by the anti-virus. Win7 has some security features built-in (i.e. ASLR, DEP, NX) that's probably stopping hashdump & keylogging. If you dig around in metasploit (and on exploit-db.com), you should be able to find some exploits that will defeat these features.