You are mixing apples and oranges. Either build the full query or use parameters (I'd recommend the latter). In this case you are not providing the sql command a username variable to fill in. Try something like this:
hdstr = "SELECT Password FROM LogFile WHERE Username=@UserName"
hdcmd = New SqlCommand(hdstr, hdcon)
hdcmd.Parameters.Add(New SqlParameter("@Username", UsernameTextBox.Text))
Doing this will also help reduce your suseptibility to SQL injection attacks. Someone could put in a value into your username textbox that looks like this:
'; <some some really bad database stuff here>; select '
That would execute the second part of the query because they put in the quote delimiters that close the username value.