Mac was hacked on local network by roommate-how to re-install my files w/o reistalling command/terminal hack codes?

I have a Mac Book Pro running latest version on Mountian Lion
Processor 2.3 GHz Intel Core i7

Graphics Intel HD Graphics 4000 512 MB

Memory 8 GB 1600 MHz DDR3

Software OS X 10.8.3 (12D78)

My roommate hacked my Mac. I assume he did this via an old Mac he use to have access to, & then made changes via his PC & his Android phone (can tell by comparing Terminal to Access & Little Snitch) & since the codes I found all were as my User name & as Root Access... Thinking he started gaining access through the weak spot via Reboot Disk & Terminal access from there-though he denys it completely... (But I printed it all out) He accessed ALL my passwords & at the time I didn't know that as I kept trying to change things & lock things up... he was getting hidden files of EVERYTHING I WAS DOING & had remote access to my system, anything I did & camera on my mac.

He hid files with sudo codes in Terminal & had constant any access via remote access, booting, starting or turning off as well as secretly deleting any files or notactions he wanted. He was ghost.

So now not only did he has complete access to my computer & camera... He would enter my room & take what he wants & then access my computer to delete EvoCam files/videos/pics.

He also has been tracking everything I do on my computer and assume he has figured out how to hack my phone by now as well.

He will be an EX-ROOMMATE as soon as I can legally get him out. But until then I am stuck. (Buying locks for all 3 of my bedroom & closet room access doors too!)

I currently have him blocked off the local network & internet. But that won't last long.

I jcopied over to my external hard drive all my important info, pics, files and just deleted the rest.
It took many hours to get my mac to actually delete everything (I HOPE) & then finally let me re-load Mountain Lion. Now I am slowly adding back programs. I think he was also using the Windows interface & some Windows program to sneak past my firewall & all the stops I put up to block him off local.net.

Changed ALL my passwords again-already. Hopefully by zeroing out my hard drive numerous times that it deleted his lines of codes.

Tested in Terminal some of the lines of codes he used (Just lsof & ls -a, history, etc)

SOOO MY QUESTIONS ARE:

Is there a way to let him use the network without him being able to access my Mac??

I have ALL ways I can find to turn off any file sharing, local or remote access... but I did that last time & he figured out a way around it!

My Nework is on a NETGEAR Range Max N wireless router. I configured it this time via Ethernet instead of by Wireless-made my Mac only machine to make changes & only via Ethernet access. (Gave Ethernet & Wireless each their own IP address.)

I also turned off the remote access again, locked in IP addresses to specific machines/phones/Pads... IE 192.168.1.2... on Router.

I also installed Little Snitch, Have Tech Tools 6... Need a good virus protection... (did find some crap only in a couple of my emails when I used one I downloaded as a trial before the re-format... )

Worried about installing Windows again.

How do I block him from getting root access again?

How do I keep him from hidding any codes?

Thank you in advance for your help & suggestions! 🙂