That could mean he has a keylogger recording your keystrokes and sending the log to somewhere else, like his email address. Then finding out your password would be as easy as searching for your AIM username.

Some trojan servers can be bound to an executable, so that they'll install silently when you run it, and they'll allow anyone who has your IP address full access to your computer. Was the picture he sent you in the form picture.exe or picture.jpg/gif/png etc?
Trojan servers can do some nasty things so check these two things on your machine:
  • Check whether your system restore points have been disabled
  • Check if Windows Firewall is still enabled


I think he's just using something like Sub7 or Prorat. To be safe, see if you can find a copy of three programs: Sub7, Prorat and Netbus, and use the "Clean server" option within them. If he's using any of those, programs to attack you, it'll disable his access and get rid of the trojan. It will probably take quite a while to find those though, as the spyware sites all talk about them.

I say that you should install Gentoo.