I'm just a small time repair tech and I'v stumbled into a possible nest of key loggers and remote desktop intrusion tools on a customers computer. It is a not for profit medical foundation that uses a VPN to communicate with other offices.
It all started with a slow computer and a need to upgrade to a new model or clean up existing hardware. The hardware was in good working condition so I suggested saving data and reload of the OS. My discovery has stopped me from going any further for fear that evidence of the intrusions will be lost.
Anyone have a suggestion on what actions to take and who to contact? I'm currently waiting for the president of the foundation to contact me and I'd like to give them correct and logical advice. Without doubt this could easily be way over my head. I could just reinstall XP and move on but fear that the whole VPN could be at risk.

Let the owner decide what action to take.
If they choose the Police, then the Police will want to control the "chain of evidence" and ensure that forensic evidence gathered is compliant with the admissability of evidence protocols in that areas Court system.
The best you can do is preserve everything as it is until the owner decides. You can help him/her once the decision is made if he/she wants to take other options.