I have some ideas about this now. DSLstats doesn't call any Windows programs, but it does of course call native APIs and uses native widgets. (These calls are indirect, because Lazarus is a cross-platform development system and so has an interface layer between the programmer and the native APIs and widgets.)
In reading and writing .ini files, API calls will be made, and it's possible that the malware attack damaged this part of the OS. The fact that no other programs are affected may simply be because you don't use any other programs which use .ini files. This possibility would be supported by the error message you reported, "Error restoring login configuration". In a more general sense, it would explain why errors are occurring during both reading and writing .ini files.
All the DSLstats tabs which display text use a widget called a memo control. This widget is, I believe, also used by Notepad for its main text editing window. I wonder if the malware attack may have damaged this widget as well as the Notepad program. I can't really see how this would lead to problems reading and writing .ini files, but it could cause DSLstats to malfunction.