So this was major big-time forensics... which was ran remotely (ie, while infected system was booted and thus untrustworthy)... and they wanted a whopping $100 ? (yes, that's sarcasm....you've paid peanuts and wondering why you got monkeys)
Sound like a bunch of cowboys. Oh, and reflashing back to a few days won't get rid of a persistent rootkit. Sorry to say, but it sounds like this bunch are every bit as clueless as you are.
Oh, and your oh-so-special NAS boxes would have been for nothing had you malware that encrypted files and charged you for access.