does finding the username badcred in my webalizer logs mean that I have had my .htpasswd file hacked or does it mean someone tried to log in with bad credentials? I have google around for this a lot and can only find articles about bad credit

post the actual logs lets see....

access_log:65.28.7.221 - badcred [24/Feb/2009:18:03:55 -0600] "GET / HTTP/1.0" 200 15441 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"
access_log.1:65.28.7.101 - badcred [20/Feb/2009:13:18:17 -0600] "GET / HTTP/1.0" 200 15142 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"
access_log.1:65.28.7.101 - badcred [20/Feb/2009:13:25:10 -0600] "GET / HTTP/1.0" 200 15142 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"
access_log.2:65.28.7.167 - badcred [08/Feb/2009:15:39:16 -0600] "GET / HTTP/1.0" 200 15153 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"
access_log.2:65.28.7.167 - badcred [08/Feb/2009:15:59:22 -0600] "GET / HTTP/1.0" 200 15153 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"
access_log.2:65.28.7.167 - badcred [08/Feb/2009:16:19:29 -0600] "GET / HTTP/1.0" 200 15153 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"
access_log.3:65.28.7.144 - badcred [03/Feb/2009:00:34:02 -0600] "GET / HTTP/1.0" 200 15153 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"
access_log.3:65.28.7.144 - badcred [03/Feb/2009:01:14:29 -0600] "GET / HTTP/1.0" 200 15153 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"
access_log.3:65.28.7.144 - badcred [03/Feb/2009:01:34:35 -0600] "GET / HTTP/1.0" 200 15153 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"
access_log.3:65.28.7.144 - badcred [03/Feb/2009:17:36:10 -0600] "GET / HTTP/1.0" 200 15153 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"
access_log.3:65.28.7.144 - badcred [03/Feb/2009:18:54:04 -0600] "GET / HTTP/1.0" 200 15153 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"
access_log.3:65.28.7.144 - badcred [04/Feb/2009:04:40:04 -0600] "GET / HTTP/1.0" 200 15153 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"

Whats your apache LogFormat configuration? check in your apache config.
If
it is something like:
LogFormat "%h %l %u %t \"%r\" %>s %b" common
then;
badcred is a username/userid of the person requesting the document as determined by HTTP authentication. The same value is typically provided to CGI scripts in the REMOTE_USER environment variable. If the status code for the request is 401, then this value should not be trusted because the user is not yet authenticated. If the document is not password protected, this entry is supposed to be "-"
In other words, its a bogus username and has no effect to your system.Its how the code(HTTP authentication) was developed and you don't have to worry about it.

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

ok, so basically you are saying it means bad credentials!
it is just strange because i haven't seen that before...

while it may not have any effect on my server, is it an indication that a windows box at that IP may have been compromised?

192.168.0.199 - badcred [17/Apr/2009:16:34:33 -0400] "GET / HTTP/1.0" 200 178 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"
192.168.0.199 - badcred [17/Apr/2009:16:14:26 -0400] "GET / HTTP/1.0" 200 178 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Win32)"

No, not in any way. This, in most cases, is simply a result of 'user on client not authenticated'