Pretty much all OEMs preinstall adware. Microsoft infects their own OS with crapware.
They don't all ship with malware infested UEFI so that even reinstalling your OS won't remove the bloatware they installed. Also Lenovo has, multiple times now, installed adware on systems that seriously compromised the security of the user and/or the device.
Adware is bad, remote code execution is much worse.
Superfish was bad enough, but once the public became aware that the malware existed and was so insecure that it made their devices vulnerable to be hacked Lenovo provided people with a fix to remove the malware, but it left the security vulnerability that the malware introduced to the system in place leaving everyone to think they solved the problem when they were still vulnerable. People had to track down news articles and social media posts for information on how to correct the problem until Lenovo updated their instructions. (https://arstechnica.com/information-technology/2015/02/how-t...)