i hate when programs add folders/files to my %UserProfile% directory that is what %AppData% is for. i would sugest using REMOVESELF instead of RECURSE so the empty folder is also removed.
[.Thumbnails*]
LangSecRef=3021
DetectFile=%UserProfile%\.Thumbnails
Default=False
FileKey1=%UserProfile%\.Thumbnails|*.*|REMOVESELF
have you looked into the '%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts' folder? every sandbox i create in sandboxie will create a folder with a shortcut in it named '[sandbox name] program name'. example '[temp] Firefox'. the only non sandboxie file i have seen is a Control Panel shortcut which windows will create when the control panel is run.
http://www.sandboxie.com/index.php?PrivacyConcerns
http://www.sandboxie.com/phpbb/viewtopic.php?t=12671
[implicitAppShortcuts*]
LangSecRef=3025
DetectFile=%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts
Default=False
FileKey1=%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts|*.*|RECURSE
another suggestion for the Firefox/Mozilla section is to remove the 'Firefox' from entries with it in their name. example 'Firefox webappsstore.sqlite'. i realize there are multiple webappsstore.sqlite for the different mozilla programs but it looks weird when only a couple of the entries say Firefox when they are all firefox entries.
Adblock Plus Backups, Adblock Lite Backups and FlashGot are detected by DET_MOZILLA so they show even if you dont have them installed.
thanks