From NoVirusThanks
We've released a new tool useful for malware analysis:

Unloaded Module Viewer v1.0

Unloaded Module Viewer (UMV) is a standalone GUI tool designed to enumerate and list Portable Executable (PE) modules (.DLL, .CPL, .EXE etc.) that have been dynamically unloaded throughout the life of a process. When a module is unloaded by the Windows PE loader (with APIs such as FreeLibrary/LdrUnloadDll) certain module information is cached as a snapshot by NTDLL inside the respective process address space which can be useful come investigation time. This internal and private cache consists of the last 64 modules that have been
unloaded and it provides relevant information such as the module name, load address,
module size, timestamp and checksum.


Unloaded Module Viewer can be especially useful to developers, security researchers and reverse engineers looking to analyze run-time module
unloading behavior inside a process of interest.
More info & download:
Analyze Unloaded Modules with Unloaded Module Viewer | NoVirusThanks