As we know one of the biggest causes of broadband users seeing unaccounted high data usage is some hidden background activity on the system. These can include automatic updates and malware (malicious software) such as viruses and spyware.
This is a good utility to advise clients to use as it not only shows total usage of the data connection, but can show it per application, i.e. which process is using how much data. It can even be configured to throttle an application to only use a specific amount of bandwidth. The monitor version is freeware. (http://www.netlimiter.com/download/nl_2010_mon.exe)
2) The problem comes in with malware background processes that intentionally hide themselves from being detected by Virus and Malware scanners such as Windows Defender, TrendMicro, AVG, Norton, et al.
1) Run a continuous bandwidth meter such as Netlimiter. Watch to see if usage is as per your expectation.
2) Install and configure a firewall.
3) Install and update a malware & virus program. Configure it for frequent updates and scans and make sure it stay resident. Often more than one scanner is needed to catch malware that could have slipped by another one.
4) Use a RootKit detect program to search for malware that escaped the above.
5) Sometimes nothing but a full rebuilt might be needed to get rid of RootKits. This is obviously a last resort only.