I'd like to report that the checksums listed here http://www.imgburn.com/index.php?act=download changes very often. Of course this is a trap for those that actually checksum their downloads to not be able to tell from an edited one to the original. That's how I got infected the first time, I checked your damn checksums and they matched. Everytime you added a new code or api.opencandy.com you also changed the checksums on the main page.
Not to mention that each of the mirrors posted have different checksums than the ones on the homepage. The imgburn official mirror is marked as number 7, so that nobody can see it or use it.
The installer checksums below belong to an installer downloaded in 2014 and appears to be clean, so far.
File: SetupImgBurn_220.127.116.11.exe CRC-32: 00e8e0b2 SHA-1: 5ca96a0c243390c378dee1a629684ea261e2cfc4 SHA-256: ab5ab68b541c0de51d7e9eafe1cbe5267347c1e6edf1faeedc79e01fd774375e SHA-512: ee206669d0b71b8b7309b1c97e7e6ecb1e98ba3359025392cf956b64ecb0f74b8eccdd45a2d715230c7351f91571d9eee7104b9a64a383a4855ecab4e9ce2629
So far, the code for ImgBurn itself is not infected, only the installer. If you get a portable copy, it'll be safe to use.
Virustotal links detects nothing because recently the installer does not have malware bundled, but instead it will contact opencandy.com and download them from there, while installing ImgBurn. It's always a different kind of malware or adware, random..
The trick here is that the majority of installers don't offer an uncheck option anymore, they just install the malware automatically.
LIGHTNING UK!, will you say again that ImgBurn has nothing included in its installer? Or you require a dissection of your own installer as proof?