If you're running 7.5.3 then you have the security patch in place already, so you're good there. As for tracking it by looking at the access logs, if it's being done by a web based attack then that's normally the best way.

If you have the timestamp of one of the changed files, then that gives you an exact minute to look at in the access logs, so you just need to look for activity during that minute. You also need to find out if they are only changing files that are writable by the webserver or if they are changing other files as well. If they are changing other files, then it's probably being done by FTP, domain control panel or some other server exploit. I just worked on another one of these problems that turned out to be a domain control panel issue.

Replacing all of the UBB files would assure they are clean, but it wouldn't prevent it from happening again, so you'd really need to find the source.