I ran Symantec Endpoint on it again this morning and it finally identified what this was. They call it a Bloodhound.PDF.3 which was discovered and added to their definitions on Dec 18. Symantec calls the infection rate low 0-2 sites, but based on the comments I've had here it's higher than that. I submitted the zipped up acr442b.tmp file to them. It was definitely the infection vector because it went through that old Reader 7.1. Lesson: update your Adobe Acrobat Reader.
Also, to all those following my analysis, please be careful when messing around with svchost.exe because there is a real one and a fake one. The real one lives in system32 and the fake one lives in system32\drivers. This is especially important when you are going through the registry. There are references to the real one and references to the fake one, so BE CAREFUL.
Thank you all for your great comments.