I've seen laughable attempts at spying e.g. people installing TeamViewer as a silent background service, or saying that VNC is antivirus. This kind of thing you can deal with without wiping. However, if this guy does know what he's doing, either wipe and start again or hand in to Plod as evidence for prosecution.

There are valid points to get a new machine - the maxim of "if someone you don't trust has had physical access to it, it's compromised" is technically true. With enough resources the accused could install a rootkit or even some additional hardware in an internal expansion slot (even a laptop; mine has 3 mini-pcie slots, expresscard, internal 56k modem card plug, etc). But unless he works for Mossad / NSA / Q branch this is extremely unlikely...