Is there any way to figure out the salt?
It's the username.
I have a copy of the alpha_num_sym32_space tables, so also is it possible, once the salted encryption is figured out, to add the salt one-time to these tables? I have 2TB storage, so that is no issue. What time constraints would this create, if possible?
I'm not sure I understand your question, but you can't modify rainbowtables once they have been created.
There's no point making rainbowtables to crack this hash, as you are only going to use them once. Rainbowtables are useful because they are as effective as a bruteforce attack and as efficient as a dictionary attack. They take longer to create than it takes to bruteforce the same keyspace, so they are only useful if you can reuse them many times.
The hash you have is not MD5, it is MSCASH. MSCASH = MD4( MD4(password) || lowercase(username) ). As you can see, the password is hashed, the username is appended, then the whole lot is hashed again. At least, I'm pretty sure that's right.
The fastest method will be a dictionary attack. If that fails, you have to brute-force this hash.