"svchost.exe (LocalServiceAndNoImpersonation)" - Is this a virus/trojan?

Looking at the screenshot you can find that there are two svchost.exe.

One is svchost.exe (NetworkService) and the other is svchost.exe (LocalServiceAndNoImpersonation).

svchost.exe (LocalServiceAndNoImpersonation) is only active and uses the Network when firefox.exe is active.


1

2 Answers

Some malware often uses a process name of svchost.exe to disguise itself. The original system file svchost.exe is located in C:\Windows\System32. Are those services located somewhere else? If they are, then they are malware.

What is svchost.exe?

svchost.exe is a system process that hosts multiple Windows services or, as Microsoft describes it: "svchost.exe is a generic host process name for services that run from dynamic-link libraries".

Why are there multiple svchost.exes?

There are multiple instances of this service, because if every single service ran under a single svchost.exe instance, a failure in one might bring down all of Windows, thus they are separated.

You can analyze the services using a tool like Process Explorer and gain more information about their activity.

References: howtogeek

No, it is not a virus / malware.

You say it only appears when you open Firefox; there is possibly no malware behind this.

I also have this svchost process running LocalServiceAndNoImpersonation and this PC is clean.

So far LocalServiceAndNoImpersonation is a legit process and is used by Windows AppLocker.

Windows AppLocker is a security feature of Windows.

AppLocker is a new feature in Windows 7 and Windows Server 2008 R2 that allows you to specify which users or groups can run particular applications in your organization based on unique identities of files. If you use AppLocker, you can create rules to allow or deny applications from running.

You can inspect it with Process Explorer.

The loaded DLL should also be mentioned there.

A Microsoft Service that is used by AppLocker to determine and verify the identity of an application. Please note that this service is launched by svchost.exe, but the actual application is what is listed as the filename.

2
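
Both answers suggest checking where each svchost.exe runs from and which service it hosts. The PowerShell below is an added example, not part of either answer, that does this without Process Explorer using the built-in Win32_Process and Win32_Service CIM classes; the Status labels are names chosen for this example.

```powershell
# Added example: list every svchost.exe with its image path and hosted services.
# Expected image location, as stated in the first answer.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Index running services by the PID of the process that hosts them.
$servicesByPid = Get-CimInstance Win32_Service -Filter "ProcessId <> 0" |
    Group-Object ProcessId -AsHashTable -AsString

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path = $_.ExecutablePath

    # ExecutablePath is empty when the caller lacks rights to query the
    # process, so report that separately instead of treating it as a mismatch.
    if (-not $path) {
        $status = 'PathUnavailable'      # re-run from an elevated prompt
    } elseif ($path -ieq $expected) {
        $status = 'ExpectedPath'
    } else {
        $status = 'UnexpectedPath'       # worth a closer look
    }

    $hosted = $servicesByPid["$($_.ProcessId)"]

    [pscustomobject]@{
        PID         = $_.ProcessId
        Status      = $status
        Path        = $path
        # The -k argument names the service group, e.g. the
        # LocalServiceAndNoImpersonation group from the question.
        CommandLine = $_.CommandLine
        Services    = ($hosted.Name -join ', ')
    }
} | Sort-Object Status, PID | Format-List
```

An instance that reports an unexpected path, or that hosts no services at all, is the one to examine further in Process Explorer.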
