Diagnose slow, unresponsive, and high-resource machines using Task Manager, Resource Monitor, and Event Viewer. Read the data, find the bottleneck, fix it.
Every slow computer complaint falls into one of four categories: CPU, Memory (RAM), Disk (Storage), or Network. Your job is to identify which resource is the bottleneck — then either fix it or escalate for a hardware upgrade.
Randomly disabling things or doing disk cleanups without checking metrics first is guesswork. Read the numbers, then act.
| Resource | Symptom | Tool to Check | Critical Threshold |
|---|---|---|---|
| CPU | System unresponsive, apps freeze during tasks | Task Manager → Performance → CPU | Sustained >85% usage |
| RAM | Constant freezing, very slow app switching | Task Manager → Performance → Memory | >90% in use; lots of disk paging |
| Disk | Extremely slow boot, apps take forever to open | Task Manager → Performance → Disk | 100% active time (disk bottleneck) |
| Network | Slow web browsing, file transfers, video calls | Task Manager → Performance → Network / Resource Monitor | Consistently near bandwidth cap |
| Tool | How to Open | What It Shows |
|---|---|---|
| Task Manager | Ctrl+Shift+Esc or right-click taskbar | Per-process CPU/RAM/Disk/Network usage; Startup tab; Performance graphs |
| Resource Monitor | Task Manager → Performance → Open Resource Monitor | Detailed per-process and per-disk-drive breakdown; network connections by process |
| Performance Monitor | Run → perfmon | Configurable real-time performance counters and data collector sets |
| Event Viewer | Run → eventvwr | System/Application error logs; critical events and crash analysis |
| Reliability Monitor | Control Panel → Security → View Reliability History | Timeline of software installs, crashes, and errors; identifies when problems started |
| msinfo32 | Run → msinfo32 | Complete hardware inventory: CPU, RAM amount/speed, installed software, drivers |
Most techs skip Reliability Monitor, but it's incredibly useful for timeline diagnosis. It shows a calendar view of crashes, errors, warnings, and software installs. When a user says "it started being slow last Tuesday," open Reliability Monitor to see exactly what happened on that date — often a bad update or new software install will be right there.
| Cause | Bottleneck Type | Fix |
|---|---|---|
| Too many startup programs | CPU & RAM | Task Manager → Startup → disable unnecessary items |
| Insufficient RAM for workload | RAM → Disk (paging) | Close apps; recommend RAM upgrade if chronic |
| Spinning HDD (vs. SSD) | Disk | SSD upgrade dramatically improves boot/load times |
| HDD near capacity (<10% free) | Disk | Disk Cleanup + offload files; paging file needs space |
| Malware / cryptominer | CPU / Disk | Identify process in Task Manager; run malware scan (SOP-006) |
| Windows Update running in background | CPU / Disk / Network | Check Windows Update status; let it complete or schedule |
| Corrupt or fragmented disk (HDD) | Disk | Run chkdsk /f; optimize drive (Defragment & Optimize) |
| Thermal throttling (overheating) | CPU | Check temps with HWMonitor; clean dust from vents/fans |
Use this procedure for any ticket where a user reports the system is "slow," "freezing," or "taking forever." Always collect data first before making any changes.
Press Ctrl+Shift+Esc and click the Performance tab. Look at all four: CPU %, Memory used/available, Disk active time %, and Network throughput. Identify which resource is at or near 100%. This tells you your bottleneck category before you touch anything.
In Task Manager's Processes tab, click the column header for the bottleneck resource (CPU, Memory, or Disk) to sort by usage. Identify the top processes consuming that resource. Right-click a suspicious process → Open file location to see if it's a legitimate Windows process or something unknown.
Click the Startup tab in Task Manager. Sort by "Startup impact." Disable any unnecessary programs that launch at boot — especially anything with "High" impact that the user doesn't recognize. This alone often resolves boot slowness significantly. Requires a reboot to take effect.
Open File Explorer → This PC. Check each drive's free space. If the system drive (C:) has less than 10% free, disk operations suffer and the paging file has limited room. Run Disk Cleanup (search for it) and clean Windows Update files, temporary files, and Recycle Bin. If still critically low, escalate for storage expansion.
Open Event Viewer → Windows Logs → System. Filter by Error and Critical. Look for recurring errors or errors that coincide with the slowness. Specifically look for Event ID 41 (unexpected shutdown) and Disk errors from the source "Disk" — these can indicate impending drive failure.
Open Command Prompt as Administrator and run chkdsk C: /f /r. If the drive is in use, schedule it for next reboot when prompted. For SSDs or HDDs, also check SMART data using a tool like CrystalDiskInfo (free) — look for "Caution" or "Bad" status, which indicates drive failure is imminent.
Sometimes Windows Update runs silently in the background consuming resources. Open Settings → Windows Update and check if an update is actively downloading or installing. Let it finish, then reboot. After updating, run sfc /scannow in an elevated Command Prompt to repair any corrupted system files that may be causing instability.
| Bottleneck | First Check | Common Fix |
|---|---|---|
| CPU 100% | Task Manager → Processes sorted by CPU | End rogue process; check for malware; check cooling |
| RAM 90%+ | Task Manager → Memory; paging activity | Disable startup items; close apps; recommend RAM upgrade |
| Disk 100% | Task Manager → Disk; identify top I/O process | Free disk space; chkdsk; SSD upgrade for HDD |
| Slow boot | Startup tab in Task Manager | Disable high-impact startup items |
| Slow after update | Reliability Monitor; Event Viewer | Roll back update or run sfc /scannow |
| Field | Your Entry |
|---|---|
| Bottleneck Found | |
| Metrics Observed | |
| Root Cause | |
| Steps Taken | |
| Resolution / Recommendation |
"A user says their computer is running slowly. Walk me through how you diagnose it."
I start by opening Task Manager and checking the Performance tab — CPU, Memory, Disk, and Network — to identify which resource is the bottleneck. Once I know the bottleneck, I sort the Processes tab by that metric to find the top consumer. If it's a startup issue, I check the Startup tab for high-impact programs. If disk is at 100%, I check free space and run a disk health check. If RAM is maxed, I look at whether the workload genuinely exceeds the machine's capacity. I also check Reliability Monitor to see if any events coincide with when the slowness started.
"What does it mean when the disk is at 100% utilization and how do you fix it?"
100% disk utilization means the drive is at capacity for read/write operations — everything waiting to read or write is queued, which causes the system to appear frozen. Common causes are: the paging file growing because RAM is full, Windows Update downloading in the background, a failing drive with bad sectors, a malware process, or just the inherent limitation of a spinning HDD which is mechanically slow. I check the Disk column in Task Manager Processes to find what's generating the I/O. If it's Windows Update, I wait. If it's the system paging heavily, RAM may need an upgrade. If the drive shows high response times (>50ms average) or SMART errors, a hardware replacement is needed.
"What is the difference between Task Manager and Resource Monitor, and when do you use each?"
Task Manager gives you a high-level real-time view — which processes are using the most CPU, RAM, disk, and network, plus startup items and performance graphs. I use it as the first tool to identify the bottleneck category and the suspect process. Resource Monitor is deeper — launched from Task Manager's Performance tab, it shows per-process breakdown by specific disk file access, per-connection network activity, and memory commit details. I use Resource Monitor when Task Manager shows an issue but I need to know exactly which files a process is accessing, or which process is holding a specific network connection open. It's the difference between "something is using the disk" and "here is the exact file and operation."