OpenCandy is not malware but a PUP that comes bundled with some free software you installed, and most likely because you did not use custom install
Agree very much with this, you need to watch 'free' software installers like a hawk and even then Open Candy can be sneaked onto your system.
Burnaware a pretty good disc burner never used to include OC in their update installer but then they suddenly decided to do so and, worse, make it non-optional. That fact was hidden away at the bottom of the TOA which I'd bet even many otherwise diligent people would have missed. A very similar story occurred with CDBurnerXP. In the later case I missed it and it got onto my machine.
Luckily it is a relatively benign PUP and easy enough to remove but it still annoyed me. I stopped updating both programs for months. I suspect a lot of other previously happy users did too because the installers/updaters now do include links specifically to an Open Candy free update installer, an option likely prompted by a deluge of complaints.
If any 'free' software programs I need are available at Ninite.com they're always my first port of call when looking for adware free clean downloads. Although I don't rely 100% on its claim to have stripped out all the unwanted elements it is a good place to start if you're as paranoid as I am about avoiding the bad stuff.