First you'll need a tool to crack or reset his OS password for you to login. I know about two ways:
1. Offline NT Password & Registry Editor, Bootdisk:
home.eunet.no/pnordahl/ntpasswd/
This will let you create a boot disk that will eventually reset/blank his password so that you can login.
2. Ophcrack:
ophcrack.sourceforge.net/
The liveCD version will try the most recent methods (rainbow attack if I recall right) to find out the hackers password. It will not reset it. But it can take some time to do the cracking.
Second, you'll need some tools too get out his info quickly. Check here:
www.nirsoft.net/utils/index.html
Check the IECookiesView, IEHistoryView, MyLastSearch tools. There are many others that you might find useful. You'll be amazed!!
I feel like I'm teaching hacking here !!