Lenovo pre-installs a web proxy that injects ads. It MITMs HTTPS traffic by installing its own trusted root certificate.
Always install your OS manually. Don't trust the OEM's version.
EDIT: Holy shit, apparently it's the same key for all installs: https://twitter.com/fugueish/status/568258997578371072
(The private key is necessarily present on the machine. So basically if the key is not public already it will be shortly, and anyone will be able to spoof any web site to Lenovo users.)
EDIT2: Uninstalling the app does NOT remove the certificate. https://twitter.com/metsfan/status/568265468173107200