Only one client affected and according to our network administrator this pc causes of lockup of AD accounts.
After using removal tool, still no downandup found. we cant run risk tracer because only AV and AS installed (low hardware specs).
still no risk found after after scanning on safemode.