1) Use DPAPI and add secondary entropy from a string inside your app. Decide if you can use User level DPAPI security or have to settle for Machine. If using machine, it may be no better then hiding password in some hash.
2) Use some long random string in your app as the raw AES key. Hash it (once or more times) and take the number of bytes you need for the AES key. Encrypt and Decrypt your data using AES and your key. This will stop most but people who can open your app
in reflector and read your code to figure out how your hashing and making your password. Could also use some Obfuscator on your app to raise the bar more.