My approach to that question is to educate my client instead of playing the "blame game".
Increasing their skepticism about how safe the internet has helped increase their online safety ten fold.
I'll talk to them about Email, Web Surfing, and the "Always On" Internet Connection.
Most people still don't understand that an email that hit's Outlook, could infect your PC. So I talk about the pro's and con's of using a client side email application as apposed to one in the cloud.
I go over Best Practices for web surfing to help them identify scams, ads, and other content that can really trick a person into going somewhere unsafe.
Lastly I discuss the fact that if their PC is on, then they're online. For some reason people seem to think that just because the browser isn't open, that they're 100% safe, and that's simply not the case. The Windows Firewall sucks, and I educate them on the importance of proper security for at home, and work.
An educated client will help reduce your labor costs significantly. This however may mean that if they're a break/fix client, that you won't get as many service calls to remove viruses, etc. The upside is you'll probably get referrals more often!
I don't go "searching" for the source of an infection anymore, unless a client want's to pay me for the labor. My hand-off there is that I will provide them with training and classes to help reduce the risk in the future (for free), AFTER I have solved the immediate threat. Now this allows me to present the same curriculum pretty much, every time. It is systematized, and has it's own written process which is easy for anyone to follow, and has NO TECH SPEAK.