You've run a virus scan I assume.
Two things which might help track down what is going on:
Install Wireshark (http://www.wireshark.org) - and leave it sniffing on the HTTP connection. Then use the "Follow TCP Stream" function to look at the HTTP request - that will tell you what those requests are pulling back. It won't be able to sniff the HTTPS but might give clues as to what they are - eg you could find the https URL visible in a preceding HTTP transaction.
Also get a copy of TCPView (http://technet.microsoft.com/en-gb/sysinternals/bb897437) which should be able to show you which process is making the connections.
Finally, if you are able, block the host on your router when you're not investigating the cause - at least that should stop it eating your allowance - it might affect general browsing though if you need anything from that server.
Edited by mr_bean (Wed 28-Dec-11 12:09:37)