RootkitRevealer comes in two forms: a GUI and a command-line version. Both versions require that the account from which they are run have assigned to it the Backup files and directories, Load drivers and Perform volume maintenance tasks (on Windows XP and higher) privileges. The Administrators group is assigned these privileges by default.
To scan a system with the GUI version launch it on the system and press the Scan button. RootkitRevealer scans the system reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list.
The command-line version of RootkitRevealer is named RootkitRevcons.exe. When you execute it with no options it performs a scan of a system, reporting its progress to the screen along with the discrepancies it finds. If you specify the -c option it does not report progress and discrepancies are printed in CSV format for easy import into a database. You can perform scans of remote systems by executing it with the Sysinternals PsExec utility using a command-line like the following:
psexec \\remote -c rootkitrevcons.exe -c