Ditch Opencandy before it damages your reputation more.
I have just come here from viewing complaints in the security newsgroups.
Telling people after they have been infected "they should look more carefully, when installing", simply does not cut it.
You have chosen to team-up with a known malware distributor.
You have no control over how devious the installers are getting, or what software is offered.
This is totally irresponsible, and if you are indeed aware that Opencandy distributes malware, why have you chosen them ?
Is it your wish to expose your users to potential threats ?
If not, and you wish to keep using Opencandy, I suggest you repeatedly install your own product until you have seen every piece of crap they are trying to push on people.
Create a page containing screen-shots of all the installers, and hi-light the options users need to look for.
I know right now you are not going to do that, because it will be a royal pain in the arse.
Depending on how good peoples AV and anti-spyware is, the choice may already be out of your hands.
My copy of Avira for example, will not let me install the last version, as it is set to block all "Risk-ware".
Don't make such an excellent program, then chuck it down the loo.
Is the money you get from them worth your years of good reputation ?