What should someone do when they think their system has been compromised?

Does anyone have a quick checklist? For example:

1. Don't turn off computer
2. Run XYZ tool to gather info
3. Save all logs
4. Etc.

I am curious if anyone has a defined response for a system compromise which has a checklist like this and what sorts of things one might put on such a list.

While this isn't a "checklist", I think many will find the following FAQ helpful in handling an incident or performing forensic investigations:

Incident Handling / Forensics FAQ