Suspicious traffic please help!

Hi.
I have a complicated issue I don't know if anyone can help.
I bought a proxy package from resiproxy website. It's a 2g per month package.
I started using the package for couple of hours then i checked my account for how much i used so far. I found extra usage in my package that I didn't use, i used 0.02 g, and there was an extra 0.18 that wasn't me. I knew this because it's using Costa Rica proxy which I'm not using, and it's going much faster than I do. I monitored the usage for a day and noticed that: while I'm using the package, there is that extra Costa Rica usage. When I start using the package, it starts consuming after a while. It keeps consuming the package even if I stop and turn the laptop off and even the router. It seems to stop after reaching a specific value related to my usage or something..
For example, after i stopped working yesterday, it was around 0.20, i checked few hours later, and it was like this:
18/02/2019 Costa Rica 20610 Requests / 0.48 GB
18/02/2019 United States 5323 Requests / 0.19 GB
Total 0.67 G
Now more than 12 hours it didn't change because I didn't use the package..
I even asked the support to temporarily disable my package, but it kept consuming while the package is disabled! Until it reached that amount then stopped.
The resiproxy support told me that this is some kind of worm, and they suggested I use wireshark to monitor my network traffic. I installed it but I have not much clue of what to do or what to look for or how to understand what I see... And I don't know how this keeps happening even if I unplug my router and turn off everything... Is it a worm on my laptop? How do I remove it?
Note: I used packages from this company before and it was fine. But recently this happened with one of my friends, and now it's happening to me with this new package.