Found svchosd.exe under C:/ProgramData
Files related to infection/encripted png file for inspection(infected svchosd.exe included so be careful)
Windows SBS 2011 Essentials is the OS
I hope this covers everything needed to help me de-crypt my office's stuff
Almost no steps have been taken as I have not been able to determine the ransomware used.
Edited by a2zbrandon, 23 January 2017 - 03:45 PM.