Have you considered trying to upload another payload via php session, maybe with the payload backdoored to a legitimate windows executable? Or using some other encoding type to bypass the AV and establish a full session.
Another thing you might want to give a try would be a java payload perhaps? Although I don't know if you have java installed.
If you cannot kill the AV process as admin, I would think the only approaches would be: Encoding to bypass or privilege escalate to kill it (which may be difficult with your limited PHP functionality).