Have you looked at getcountermeasure.rb ??
"This script is for the identification of third party anti virus, HIPS, HIDS, Firewalls as well as Windows security settings as local Firewall and on Vista if UAC is enabled - This Script is now part of the Metasploit Project"
Its an updated/newer version of killav.rb
There is some information at Disabling Antivirus with Meterpreter (Page 1) - Penetration Testing - PaulDotCom Forums where the issue was also been discussed by the author of the script.