I've found the function that's causing the issue, or at least I think I have. The subroutine in RILPHONE.dll that accesses the reg key is at 0x100722C8, and it is only called by 2 other routines, 0x10075080+1C8 and 0x10076A40+45C. Both of those functions read the SystemTime, then run the folowing code starting at loc_10075270:
CMP R0, #1
BNE loc_10075270
ADD R0, SP, #0x34+SystemTime ; lpSystemTime
BL GetSystemTime
ADD R1, SP, #0x34+SystemTime ; void *
MOV R2, #0x10 ; size_t
ADD R0, R5, #0x54 ; void *
BL memcpy
B loc_10075280
loc_10075270
R3, R7, #0x400
ADD R0, R3, #0xD9
ADD R1, R5, #0x54
BL sub_100744C8
LDR R3, [R4,#4]
ORR R3, R3, #0x40
STR R3, [R4,#4]
loc_1007528C ; CODE XREF: sub_10075080+1B0j
ADD SP, SP, #0x10
LDMFD SP!, {R4-R11,LR}
BX LR
sub_100744C8 is dealing with TimeZoneInformation and FileTimes and converting SystemTime to FileTime. Filetime is how MAPI stores it's datetime.
Well, at least we know where the issue is now, maybe someone at HTC has found the same thing and patched it.
Z