sub7 2.1 consists of 2 files, one being the server itself and another one 
called "windos.exe" that i am pretty sure routes commands that are passed to 
it from the windows registry.  you can delete the server at anytime but 
finding it with an updated antivirus is a bit of a pinch unless you run api 
vision like me or know what you're dealing with.  i suggest having avp detect 
the server file and have it report it to you so it may be killed from dos. 
windos.exe can be deleted at anytime as it is not loaded resident into memory 
and closes after each call.  however, deleting windos.exe without first 
opening regedit.exe and scanning for "windos.exe" will make it nearly 
impossible to recover normal windows operations.  when you search the 
registry for windos.exe it should find something that says something like... 
"windos.exe %1" if it finds a line with windos then the %1 or 1% i forget 
which, simply click on it and hit delete.  windows wont "need" windos.exe 
anymore and you can simply delete windos.exe and reboot. ;]

-ras

*note
    avp currently scans windos.exe as subseven 2.0
    and the subseven server as subseven 2.1   ;]