That is a bit much for one post, but here is the essence of it. This is not something I came up with. I got it from a US Navy manual on securing computer systems running WinNT 4.0. In the NTFS file system of the time, file permissions were much simpler than in the current version, but the basic principle still holds and was modeled on file permissions in UNIX systems.
To set file permissions manually in Windows XP, you need the Pro version. In the Tools menu in Explorer, select Folder Options and select the View tab. At the bottom of the menu, deselect "Use Simple File Sharing". You will now be able to manually set file permissions on any level from a whole drive to a single file. You do this by right-clicking on the file or folder you want to set permissions on in Explorer. The permissions are set in the Security tab. This is the easy part; setting the permissions and getting them right is complicated in NTFS. I never use deny. The basic structure for a file or folder I want to have executable files in is full control for administrator and system, and users get read and execute, list folder contents, and read. The folders that get this permission are Windows and Program Files. All the other folders are set to read/list folder contents/write/delete. Delete permissions are set in the Advanced tab. You also have to reset permissions on all child objects in the Advanced menu to change permissions on the contents of the subfolders and files. I also delete all users and groups except Administrators, system, users, and power users. There is a default "everyone" group that will override everything unless you delete it.
I wouldn't recommend doing this on your main system until you get a feel for it. It will take some trial and error to get it right, and some software won't work without further file permission tweaking. Microsoft made this way too complicated as far as I'm concerned. In a Unix/Linux system, all there is is read, write and execute in 3 groups, and that is all you need.
Doing this makes a system more secure but much less convenient. That is the trade off. It is satisfying to see an error message because some piece of malware is trying to write itself into a protected area but it also means that you have to log on as an administrator--or run an installation program as an administrator--to install software.
You won't need to reformat your drive or reinstall your system, but it might be a good idea to repartition your system into separate system and data partitions if you want to use imaging software and image your system. The best imaging and partitioning software that I've found for free is the EaseUS suite. Imaging is the best way to back a system up. I started doing it after losing days of my time trying to get a system to work right and trying to trace down what piece of software or what registry entry messed things up. It is much simpler not to even try and wait a few minutes as the image of the system is restored. The built-in System Restore in XP will work in most cases pretty well, but imaging is better.
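A read-only check of the permission layout described in the post above, as an added example that is not part of the original post: it lists every access entry on a folder that departs from that baseline (a Deny entry, the Everyone group, an account other than the four kept groups, or write access for Users on a folder holding executables). The function name `Get-AclFinding` is hypothetical, and the script assumes PowerShell 2.0 or later is installed.

```powershell
# Added example: audits a folder ACL against the baseline described in the post.
# It only reads ACLs; it changes nothing. Well-known SIDs are used instead of
# group names so the check does not depend on the display language.
$Allowed = @{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-18'     = 'SYSTEM'
    'S-1-5-32-545' = 'Users'
    'S-1-5-32-547' = 'Power Users'
}
$Everyone = 'S-1-1-0'
$Users    = 'S-1-5-32-545'

# Rights that let an account change a folder's contents or its ACL, plus the
# raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$Rights    = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = ([int]$Rights) -bor 0x40000000 -bor 0x10000000

function Get-AclFinding {
    param([string]$Path, [switch]$ExecutableFolder)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited entries, with identities returned as SIDs.
    $rules = (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)

    foreach ($ace in $rules) {
        $sid   = $ace.IdentityReference.Value
        $issue = $null
        if ($ace.AccessControlType -eq 'Deny') {
            $issue = 'Deny entry (the baseline never uses Deny)'
        } elseif ($sid -eq $Everyone) {
            $issue = 'Everyone group is still on the ACL'
        } elseif (-not $Allowed.ContainsKey($sid)) {
            $issue = 'Account outside the four kept groups'
        } elseif ($ExecutableFolder -and $sid -eq $Users -and
                  (([int]$ace.FileSystemRights) -band $WriteMask)) {
            $issue = 'Users can write to a folder holding executables'
        }
        if ($issue) {
            New-Object PSObject -Property @{
                Path = $Path; Sid = $sid; Rights = $ace.FileSystemRights; Issue = $issue
            }
        }
    }
}

# The two folders the post locks down to read and execute for Users.
Get-AclFinding -Path $env:windir       -ExecutableFolder
Get-AclFinding -Path $env:ProgramFiles -ExecutableFolder
```

Run it before and after changing permissions; an empty result means the folder's own ACL matches the baseline, though child objects still need checking separately.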