I do not recognise that software. It is not cPanel or Plesk (phpmyadmin)...
It is something that they have on their computer.
It is something uploaded to your hosting account.
It is something uploaded to a different hosting account on the same server.
In all 3 cases; This means that they have your usernames and passwords to be able to see those details.
You need to work out how they got these details. Changing your passwords is advised, but unless you know how they got them in the first place...you don't know if they would be able to get them again.
What I would do next:
First; download malwarebytes and scan all my devices for anything that should not be there.
Second; change all passwords EVERYWHERE, not just this site, but all of them. Your bank, your email, your ISP, EVERYTHING.
a. Find a new host
b. Go through all my site files and database to ensure they are clean
c. Get site up and running on new host
d. Rip out any added extra "add ons", get back to clean code as best you can
e. Update to the responsive osCommerce (and keep it clean of "add ons" that touch core code.
Edited by burt, 22 February 2017 - 09:59.