You're probably way ahead of me here ... and probably way past this stage ... but just in case ...
I was just looking through my PestPatrol program, and I see they have an "Analyze File" feature. So I asked it to analyze my msvcrta.dll file. (I had renamed it to "msvcrta (suspicious!).dll".) In case it's of any use to you, I'll paste the results below. Looks like it references a couple of other dll files. And it seems to reference the registry key where it was placed. So maybe it is active in its own installation.
File: C:\Spyware-Adware Files\msvcrta (suspicious!).dll
Size: 390,656 bytes
Pest: Not a known pest
Creation Date: 11/29/2004
Last Write: 6/21/2004
DLLs Referenced: \msvcrta.dll ADVAPI32.dll ole32.dll OLEAUT32.dll USER32.dll
Text: 'Rich 'Rich PE A mwutE 9qu u/s qla rke 5ZFI aabbddgghhkkmmnnppssuu DES part of OpenSSLv May li es GSor6 wo a vFE A ment9ThreadingMode SOFTWARE\Classes LSID\ E6F B5E20-DE35-11CF-9C87-00AA 27ED \InProcServ WINDIR SystemRoot TEMP NUL o7 p.tmpacc aF nel GetWindowsDirectoryA Path Slee essHea Fi Size MultiByteToO deChar De SExitC a lo balF A iAl nTimG WrieP seHa PoY Rion Tick -u ov iv Ad a KERNEL32.DLL LoadLibraryA GetProcAddress RegOpenKeyA free CoInitialize SetWindowPos
File Type: .dll file.
Compression: No compression or unknown compression method.
Language: Unknown Language.
Caution: Use this automated file analysis with caution. Please do not substitute these results for good judgment.