There are a quite few things that could cause this, so there are lots of things you can try - I've listed as many I can think of below. You have already done some, but I'm including them here for completeness, in case someone else is searching with the same issue.
1. Set WP_CONTENT_URL in wp-config.php
Your WP_CONTENT_URL might be using HTTPS. As the issue is with including your theme files, this is the first thing I'd suggest checking out.
Try adding this to wp-config.php to force the website to use HTTP when including from the wp-content folder:
define( 'WP_CONTENT_URL', 'http://www.www.example.com/wp-content' );
2. Set WP_HOME and WP_SITEURL in wp-config.php
Set the WP_HOME and WP_SITEURL in wp-config.php to use HTTP. This will override whatever was set in the WP Settings.
define('WP_HOME','http://www.example.com');
define('WP_SITEURL','http://www.example.com');
You can also confirm what the values are in the database by querying the wp_options table and look for siteurl and home values, as you have already tried.
3. Redirect HTTPS to HTTP in .htaccess
I know you have this done already, but you could try it by checking if HTTPS on rather than HTTP is not off. (Also note - 302 redirect because this is not permanent!)
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=302,NE]
4. Hard-coded URLs the WP database
WP writes the full URL to the database, so there could be instances of urls using HTTPS in the db. You could check each table directly in the database, but I find the plugin "Better Search Replace" quicker and easier to use. You can do a "dry run" to search for instances of "https://www.example.com". If it finds any, you can use the plugin to replace them all (but as always, make sure you do a db backup first before making any changes directly to your db!!)
Better Search Replace plugin on wordpress.org
5. Plugins
Some plugins might be trying to force SSL. There are the obvious ones like Really Simple SSL, but other plugins can also do this, such as security & optimisation plugins - I know iThemes Security does.
If all else fails, try disabling the plugins to check.
6. Hardcoded URLs in theme files or plugin files
It is unlikely with commercial themes & plugins, but it is possible that HTTPS is hard-coded into the theme files. Do a full search or try disabling the plugins and changing the theme to a default WP theme to check.
7. Caching
Your browser, server, caching plugins, minimizer plugins (for CSS & JS) might have HTTPS in the cache (Unlikely in your case, but I'll mention it anyway). Even other less obvious plugins can have caches too, such as gallery plugins.
Clear all your caches including your browser, turn off caching plugins, etc.
You could also try adding this try adding the following to wp-config.php
define( 'WP_CACHE', false );
8. Admin
Make sure you are not forcing SSL for the admin area - add/change the following line in wp-config.php
define('FORCE_SSL_ADMIN', false);
I've run into this problem for similar reasons, and if the first 4 steps don't work I find it's usually a caching issue.
I hope that helps, there a lot of things you can try, and if that doesn't fix it I'm out of ideas!!
