There's a lot of persistent, executable storage on modern computers. I don't know how often attackers take advantage of these, but if you suspect a threat against you is capable of taking advantage of them, then you may want to be more thorough. I kind of think the technician was overreacting too, but I don't know what kinds of rootkits are publicly available for any attacker to copy and paste these days.